CVE-2019-6568

CWE-125: Out-of-bounds Read | 4 documents | 4 sources

Severity: 7.5 HIGH
EPSS: 0.4% (top 38.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17 | Latest update May 13

Description

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 135 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-gm8r-2vc4-2wvx: A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Ad | 2022-05-13
CVEList
CVE-2019-6568: The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition | 2019-04-17

📋 Vendor Advisories (1)

Chrome
Stable Channel Update for Desktop: CVE-2020-6566 | 2020-08-25