CVE-2019-19276 — Out-of-bounds Write in Siemens Simatic HMI Comfort Panels 1ST Generation

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 63.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic HMI Comfort Panels 1ST Generation Siemens Simatic HMI KTP Mobile Panels Siemens Simatic HMI Comfort Panels Firmware +1 more

Timeline

PublishedMay 12

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5siemens/simatic_hmi_comfort_panels_1st_generationAll versions < V16 Update 4

▶CVEListV5siemens/simatic_hmi_ktp_mobile_panelsAll versions < V16 Update 4

▶NVDsiemens/simatic_hmi_comfort_panels_firmware16

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_firmware16

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-v5g4-whqh-4265: A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl↗2022-05-24

▶

CVEList

CVE-2019-19276: A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl↗2021-05-12

▶