Podatność CVE-2019-10929


Publikacja: 2019-08-13

Opis:
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication.

Typ:

CWE-284

(Improper Access Control)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4.3/10
2.9/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Brak
Affected software
Siemens -> Simatic s7-1500 
Siemens -> Simatic s7-plcsim advanced 
Siemens -> Simatic et 200sp open controller cpu 1515sp pc2 firmware 
Siemens -> Simatic et 200sp open controller cpu 1515sp pc firmware 
Siemens -> Simatic s7-1200 cpu 1211c firmware 
Siemens -> Simatic s7-1200 cpu 1212c firmware 
Siemens -> Simatic s7-1200 cpu 1214c firmware 
Siemens -> Simatic s7-1200 cpu 1215c firmware 
Siemens -> Simatic s7-1200 cpu 1217c firmware 
Siemens -> Simatic s7-1500 cpu 1511c firmware 
Siemens -> Simatic s7-1500 cpu 1512c firmware 
Siemens -> Simatic s7-1500 cpu 1518 firmware 

 Referencje:
https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf

Copyright 2022, cxsecurity.com

 

Back to Top