RSS   Vulnerabilities for
'Simatic s7-1200 cpu 1214c firmware'
   RSS

2019-10-10
 
CVE-2019-10936

CWE-400
 

 
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.2.3), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G150 (Control Unit) (All versions), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

 
2019-08-13
 
CVE-2019-10943

CWE-284
 

 
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device. No public exploitation of the vulnerability was known at the time of advisory publication.

 
 
CVE-2019-10929

CWE-284
 

 
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication.

 

 >>> Vendor: Siemens 507 Products
Reliant unix
Hinet lp
3568i wap
M45
S45
S55
Santis 50
Speedstream wireless router
Gigaset se361 wlan router
Speedstream 6520
Speedstream 5200
Gigaset wlan camera
Gigaset c450 ip
Gigaset c475 ip
Gigaset se461 wimax router
Simatic pcs 7
Simatic wincc
Simatic wincc flexible runtime
Simatic wincc runtime
Tecnomatix factorylink
Simatic hmi panels
Wincc
Wincc flexible
Wincc flexible runtime
Wincc runtime advanced
Automation license manager
Scalance s firmware
Scalance s602
Scalance s612
Scalance s613
Scalance x-300 firmware
Scalance x-300eec firmware
Scalance x308-2m firmware
Scalance x414-3e firmware
Scalance xr-300 firmware
Scalance x-300
Scalance x-300eec
Scalance x308-2m
Scalance x414-3e
Scalance xr-300
Simatic pcs7
Simatic step 7
Simatic s7-400 cpu 412-2 pn
Simatic s7-400 cpu 414-3 pn/dp
Simatic s7-400 cpu 414f-3 pn/dp
Simatic s7-400 cpu 416-3 pn/dp
Simatic s7-400 cpu 416f-3 pn/dp
Simatic s7-400 cpu firmware
Synco ozw web server
Synco ozw web server firmware
Comos
Simatic s7-1200 plc
Sipass integrated
Processsuite
ROS
Rox i os
Rox ii os
Ruggedmax os
Simatic rf-manager
Simatic rf-manager 2008
Wincc tia portal
Scalance x204irt
Scalance x202-2irt
Scalance x202-2p irt
Scalance x201-3p irt
Scalance x200-4p irt
Scalance xf204irt
Scalance x200irt firmware
Openscape session border controller
Enterprise openscape branch
Scalance w744-1
Scalance w744-1pro
Scalance w746-1
Scalance w746-1pro
Scalance w747-1
Scalance w747-1rr
Scalance w784-1
Scalance w784-1rr
Scalance w786-1pro
Scalance w786-2pro
Scalance w786-2rr
Scalance w786-3pro
Scalance w788-1pro
Scalance w788-1rr
Scalance w788-2pro
Scalance w788-2rr
Scalance w700 series firmware
Scalance x-200
Scalance x-200rna
Scalance xf-200
Scalance x-200 series firmware
Sinamics g110
Sinamics g110d
Sinamics g120
Sinamics g120c
Sinamics g120d
Sinamics g120p
Sinamics g130
Sinamics g150
Sinamics g180
See all Products for Vendor Siemens


Copyright 2019, cxsecurity.com

 

Back to Top