CVE-2019-19281 — Uncontrolled Resource Consumption in Siemens Simatic ET 200sp Open Controller CPU 1515sp PC2 Firmware

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic ET 200sp Open Controller CPU 1515sp PC2 Firmware Siemens Simatic S7-1500 CPU 1507s F Firmware Siemens Simatic S7-1500 CPU 1507s Firmware +14 more

Timeline

PublishedMar 10

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and = V2.5 and = V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages17 packages

▶NVDsiemens/simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware2.5 — 20.8

▶CVEListV5siemens_ag/simatic_et_200sp_open_controller_cpu_1515sp_pc2All versions >= V2.5 and < V20.8

▶CVEListV5siemens_ag/simatic_s7-1500_software_controllerAll versions >= V2.5 and < V20.8

▶NVDsiemens/simatic_s7-1500_cpu_1507s_firmware2.5 — 20.8

▶NVDsiemens/simatic_s7-1500_cpu_1508s_firmware2.5 — 20.8

🔴Vulnerability Details

GHSA

GHSA-4cqc-hc5r-xhj6: A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl↗2022-05-24

▶

CVEList

CVE-2019-19281: A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl↗2020-03-10

▶