Denial of Service Vulnerability in OpenPCS and SIMATIC Products by Siemens
CVE-2019-19282

7.5HIGH

Key Information:

Vendor: Siemens
Status: Openpcs 7 V8.1; Openpcs 7 V8.2; Openpcs 7 V9.0; Simatic Batch V8.1
Vendor: CVE Published:; 10 March 2020

Summary

A vulnerability exists in various versions of OpenPCS and SIMATIC products that allows an attacker with network access to send specially crafted messages over encrypted communication. This flaw can lead to a Denial-of-Service condition, compromising system availability without the need for system privileges or user interaction.

Affected Version(s)

OpenPCS 7 V8.1 All versions

OpenPCS 7 V8.2 All versions

OpenPCS 7 V9.0 All versions < V9.0 Upd3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-27077...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Nov 26, 2019