CVE-2019-6572

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/108412	Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf	Vendor Advisory
https://www.us-cert.gov/ics/advisories/ICSA-19-134-09	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:siemens:simatic_wincc_\(tia_portal\)::::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime:::::advanced:::*
	cpe:2.3:a:siemens:simatic_wincc_runtime:::::professional:::*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_tp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_tp:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_mp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_mp:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_op_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_op:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-14 20:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-6572

Mitre link : CVE-2019-6572

CVE.ORG link : CVE-2019-6572

JSON object : View

Products Affected

siemens

simatic_hmi_ktp_mobile_panels_ktp400f_firmware
simatic_hmi_ktp_mobile_panels_ktp700f
simatic_hmi_comfort_outdoor_panels_firmware
simatic_hmi_tp_firmware
simatic_hmi_mp_firmware
simatic_hmi_comfort_outdoor_panels
simatic_wincc_runtime
simatic_hmi_mp
simatic_hmi_ktp_mobile_panels_ktp900
simatic_hmi_ktp_mobile_panels_ktp900f
simatic_hmi_ktp_mobile_panels_ktp400f
simatic_hmi_op_firmware
simatic_hmi_tp
simatic_hmi_comfort_panels_firmware
simatic_hmi_ktp_mobile_panels_ktp700
simatic_hmi_op
simatic_hmi_ktp_mobile_panels_ktp900_firmware
simatic_hmi_comfort_panels
simatic_hmi_ktp_mobile_panels_ktp700_firmware
simatic_wincc_\(tia_portal\)
simatic_hmi_ktp_mobile_panels_ktp700f_firmware
simatic_hmi_ktp_mobile_panels_ktp900f_firmware

CWE

CWE-798

Use of Hard-coded Credentials

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-6572

9.1^/10

6.4^/10

Attach tags to `CVE-2019-6572`