CVE-2019-10943Missing Support for Integrity Check in Siemens Simatic ET 200sp Open Controller CPU 1515sp PC2 Firmware

CWE-353Missing Support for Integrity CheckCWE-345Insufficient Verification of Data Authenticity3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 70.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Siemens Simatic ET 200sp Open Controller CPU 1515sp PC2 FirmwareSiemens Simatic S7-1200 CPU 1211c FirmwareSiemens Simatic S7-1200 CPU 1212c Firmware+14 more
Timeline
PublishedAug 13
Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions = V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions = V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions = V2.8.1), SIMATIC S7-1500 Software Controller (All versions = V20

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages18 packages

CVEListV5siemens/simatic_et_200sp_open_controller_cpu_1515sp_pc2All versions < V20.8, All versions >= V20.8+1

🔴Vulnerability Details

2
GHSA
GHSA-c58v-2pgr-h7q6: A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC22022-05-24
CVEList
CVE-2019-10943: A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl2019-08-13
CVE-2019-10943 — Missing Support for Integrity Check | cvebase