PT-2019-2107 · Siemens · Simatic Hmi Classic Devices+6

Published: 2019-05-14 · Updated: 2019-05-22 · CVE-2019-6576

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC HMI Comfort Panels 4" - 22" versions prior to V15.1 Update 1
SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Update 1
SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F versions prior to V15.1 Update 1
SIMATIC WinCC Runtime Advanced versions prior to V15.1 Update 1
SIMATIC WinCC Runtime Professional versions prior to V15.1 Update 1
SIMATIC WinCC (TIA Portal) versions prior to V15.1 Update 1
SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) versions prior to V15.1 Update 1

Description

The issue is related to errors in the use of cryptography in the software of SIMATIC devices. An attacker with network access to the affected devices could potentially obtain a TLS session key by observing TLS traffic between a legitimate user and the device. This could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication, no public exploitation of the security issue was known.

Recommendations

For SIMATIC HMI Comfort Panels 4" - 22" versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC WinCC Runtime Advanced versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC WinCC Runtime Professional versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC WinCC (TIA Portal) versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2019-01863
CVE-2019-6576

Affected Products

Simatic Hmi Classic Devices
Simatic Hmi Comfort Outdoor Panels
Simatic Hmi Comfort Panels
Simatic Hmi Ktp Mobile Panels
Simatic Wincc
Simatic Wincc Runtime Advanced
Simatic Wincc Runtime Professional