CVE-2019-6575

CWE-248 CWE-755 — Improper Exception Handling3 documents3 sources

Severity

7.5HIGH

EPSS

1.1%

top 21.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic ET 200 Open Controller CPU 1515sp PC2 Firmware Siemens Simatic HMI Comfort Outdoor Panels Firmware Siemens Simatic HMI KTP Mobile Panels Ktp400f Firmware +27 more

Timeline

PublishedApr 17

Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions = V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versio…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages34 packages

▶CVEListV5siemens/simatic_et_200sp_open_controller_cpu_1515sp_pc2_(incl._siplus_variants)All versions < V2.7

▶NVDsiemens/simatic_et_200_open_controller_cpu_1515sp_pc2_firmware< 2.7

▶NVDsiemens/simatic_s7-1500_software_controller2.5

▶CVEListV5siemens/simatic_wincc_runtime_advancedAll versions < V15.1 Upd 4

▶CVEListV5siemens/simatic_s7-1500_software_controllerAll versions between V2.5 (including) and V2.7 (excluding)

🔴Vulnerability Details

GHSA

GHSA-q8p5-c986-46jg: A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl↗2022-05-13

▶

CVEList

CVE-2019-6575: A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl↗2019-04-17

▶