SNMP Service Disruption in SIMATIC HMI Comfort Panels and KTP Mobile Panels
CVE-2019-19276

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Hmi Comfort Panels 1st Generation (incl. Siplus Variants); Simatic Hmi Ktp Mobile Panels
Vendor: CVE Published:; 12 May 2021

Summary

A vulnerability in the SNMP service of the SIMATIC HMI Comfort Panels (1st Generation and SIPLUS variants) and KTP Mobile Panels allows for specially crafted packets sent to UDP port 161, potentially causing the service to crash. As a result, device operation is interrupted, necessitating a manual restart to restore functionality. This vulnerability affects all versions prior to V16 Update 4, highlighting the importance of monitoring and securing network communications to prevent exploitation.

Affected Version(s)

SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) All versions < V16 Update 4

SIMATIC HMI KTP Mobile Panels All versions < V16 Update 4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-59436...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2021
Vulnerability Reserved
Nov 26, 2019