CVE-2019-19282

Опубликовано: 10 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 7.1

EPSS Низкий

Описание

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC Win

Ссылки

https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*

cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*

Версия до 16 (исключая)

cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*

Версия до 9.0 (исключая)

cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*

cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00552

Низкий

7.5 High

CVSS3

7.1 High

CVSS2

Дефекты

CWE-131

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2pg9-8888-cqmc

CVSS3: 7.5

github

больше 3 лет назад

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC NET PC Software (All versions < V16 update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14.0.1 (All versions), SIMATIC WinCC (TIA Portal) V15.1 (All versions), SIMATIC WinCC (TIA Portal) V16 (All versions), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5.1 Upd1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromi...

BDU:2020-02442

CVSS3: 7.5

fstec

почти 6 лет назад

Уязвимость системы управления процессами Siemens SIMATIC PCS 7, SIMATIC WinCC и SIMATIC NET PC, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 67%

0.00552

Низкий

7.5 High

CVSS3

7.1 High

CVSS2

Дефекты

CWE-131

NVD-CWE-noinfo