Denial of Service Vulnerability in Siemens SIMATIC Products
CVE-2019-6575

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic Cp 443-1 Opc Ua; Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (incl. Siplus Variants); Simatic Hmi Comfort Outdoor Panels 7" & 15" (incl. Siplus Variants); Simatic Hmi Comfort Panels 4" - 22" (incl. Siplus Variants)
Vendor: CVE Published:; 17 April 2019

Summary

A vulnerability exists in various Siemens SIMATIC products which allows an unauthenticated remote attacker to exploit specially crafted network packets sent to the devices on port 4840/tcp. This may lead to a denial of service condition for OPC communication, potentially crashing the affected devices. Attackers do not require system privileges or physical access and can affect the availability of the communication services, posing a significant risk to operational environments relying on these systems.

Affected Version(s)

SIMATIC CP 443-1 OPC UA All versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) All versions < V2.7

SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) All versions < V15.1 Upd 4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-30739...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2019
Vulnerability Reserved
Jan 22, 2019