CVE-2019-19300

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

Configurations

Configuration 1

AND
cpe:2.3:o:siemens:ktk_ate530s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ktk_ate530s:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:siemens:sidoor_atd430w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sidoor_atd430w:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:siemens:sidoor_ate530s_coated_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sidoor_ate530s_coated:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:siemens:sidoor_ate531s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sidoor_ate531s:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200sp_open_controller_cpu_1515sp_pc2:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:siemens:simatic_et200mp_im155-5_pn_hf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et200mp_im155-5_pn_hf:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:siemens:simatic_et200sp_im155-6_mf_hf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et200sp_im155-6_mf_hf:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_ha_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn_ha:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_hf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn_hf:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn\/2_hf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn\/2_hf:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn\/2_hf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et200sp_im155-6_pn\/2_hf:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:siemens:simatic_micro-drive_pdc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_micro-drive_pdc:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:siemens:simatic_pn\/pn_coupler_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_pn\/pn_coupler:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511-1_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511-1_pn:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513-1_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513-1_pn:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515-2_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515-2_pn:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516-3_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516-3_pn\/dp:-:*:*:*:*:*:*:*

Configuration 19

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517-3_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517-3_pn\/dp:-:*:*:*:*:*:*:*

Configuration 20

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp:-:*:*:*:*:*:*:*

Configuration 21

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1511f-1_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1511f-1_pn:-:*:*:*:*:*:*:*

Configuration 22

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1513f-1_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1513f-1_pn:-:*:*:*:*:*:*:*

Configuration 23

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1515f-2_pn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1515f-2_pn:-:*:*:*:*:*:*:*

Configuration 24

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1516f-3_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1516f-3_pn\/dp:-:*:*:*:*:*:*:*

Configuration 25

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1517f-3_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1517f-3_pn\/dp:-:*:*:*:*:*:*:*

Configuration 26

AND
cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp:-:*:*:*:*:*:*:*

Configuration 27

cpe:2.3:a:siemens:simatic_s7-1500:*:*:*:*:*:*:*:*

Configuration 28

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*

Configuration 29

AND
cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_pn\/dp:v7:*:*:*:*:*:*:*

Configuration 30

AND
cpe:2.3:o:siemens:simatic_s7-410_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-410_cpu:-:*:*:*:*:*:*:*

Configuration 31

AND
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*

Configuration 32

AND
cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*

Configuration 33

AND
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_2010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_winac_rtx_\(f\)_2010:-:*:*:*:*:*:*:*

Configuration 34

AND
cpe:2.3:o:siemens:sinamics_s\/g_control_unit_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s\/g_control_unit:-:*:*:*:*:*:*:*

Information

Published : 2020-04-14 20:15

Updated : 2022-06-14 10:15


NVD link : CVE-2019-19300

Mitre link : CVE-2019-19300



Products Affected

siemens

  • simatic_s7-1500_cpu_1511-1_pn
  • simatic_s7-1500_cpu_1516-3_pn\/dp_firmware
  • sidoor_ate531s
  • simatic_s7-1500_cpu_1511f-1_pn_firmware
  • simatic_et200sp_im155-6_pn_ha_firmware
  • simatic_s7-1500_cpu_1518f-4_pn\/dp
  • ktk_ate530s
  • simatic_s7-1500
  • simatic_s7-1500_cpu_1515f-2_pn_firmware
  • simatic_et_200sp_open_controller_cpu_1515sp_pc2
  • simatic_et200sp_im155-6_pn\/2_hf_firmware
  • simatic_pn\/pn_coupler
  • simatic_s7-1500_cpu_1516f-3_pn\/dp_firmware
  • sinamics_s\/g_control_unit
  • simatic_s7-1500_cpu_1517f-3_pn\/dp_firmware
  • simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware
  • simatic_micro-drive_pdc
  • simatic_et_200sp_open_controller_cpu_1515sp_pc
  • simatic_s7-1500_cpu_1515f-2_pn
  • simatic_s7-1500_cpu_1517f-3_pn\/dp
  • simatic_s7-410_cpu
  • simatic_micro-drive_pdc_firmware
  • simatic_s7-1500_cpu_1511f-1_pn
  • simatic_et200sp_im155-6_mf_hf_firmware
  • simatic_s7-300_cpu_firmware
  • simatic_et200sp_im155-6_pn_ha
  • simatic_tdc_cp51m1
  • simatic_tdc_cpu555
  • simatic_pn\/pn_coupler_firmware
  • simatic_s7-1500_cpu_1518f-4_pn\/dp_firmware
  • simatic_tdc_cp51m1_firmware
  • simatic_et200sp_im155-6_pn_hf_firmware
  • simatic_s7-1500_cpu_1516-3_pn\/dp
  • simatic_tdc_cpu555_firmware
  • simatic_s7-1500_cpu_1517-3_pn\/dp
  • simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware
  • simatic_winac_rtx_\(f\)_2010
  • simatic_s7-1500_cpu_1518-4_pn\/dp_firmware
  • sidoor_ate530s_coated
  • simatic_s7-400_pn\/dp
  • simatic_s7-1500_cpu_1516f-3_pn\/dp
  • simatic_s7-300_cpu
  • simatic_et200mp_im155-5_pn_hf
  • sidoor_atd430w
  • sinamics_s\/g_control_unit_firmware
  • simatic_s7-1500_cpu_1513f-1_pn
  • simatic_s7-1500_cpu_1515-2_pn_firmware
  • simatic_et200mp_im155-5_pn_hf_firmware
  • simatic_winac_rtx_\(f\)_2010_firmware
  • simatic_s7-1500_cpu_1513-1_pn
  • sidoor_ate531s_firmware
  • simatic_s7-1500_cpu_1511-1_pn_firmware
  • simatic_s7-410_cpu_firmware
  • simatic_et200sp_im155-6_pn\/2_hf
  • simatic_et200sp_im155-6_mf_hf
  • simatic_s7-400_pn\/dp_firmware
  • simatic_s7-1500_cpu_1518-4_pn\/dp
  • simatic_s7-1500_cpu_1515-2_pn
  • simatic_s7-1500_cpu_1513f-1_pn_firmware
  • sidoor_atd430w_firmware
  • simatic_s7-1500_cpu_1517-3_pn\/dp_firmware
  • ktk_ate530s_firmware
  • simatic_et200sp_im155-6_pn_hf
  • simatic_s7-1500_cpu_1513-1_pn_firmware
  • sidoor_ate530s_coated_firmware
CWE
CWE-400

Uncontrolled Resource Consumption