Vulnerability in SIMATIC Drive Controller and S7 CPU Family by Siemens
CVE-2019-10943

7.5 HIGH

Summary

A vulnerability exists in various Siemens SIMATIC products that allows an attacker with network access to TCP port 102 to potentially alter the user program on the PLC. This could lead to discrepancies between the running code and the source code stored on the device. An engineer may retrieve a non-representative version of the running user program, compromising the integrity of operations reliant on accurate code execution. Mitigation measures should be implemented to prevent unauthorized network access to affected devices.

Affected Version(s)

SIMATIC Drive Controller family: All versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): All versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions < V20.8

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
