PT-2019-12089 · Siemens · SIMATIC HMI Panels and 13 other products
Published: 2019-08-13 · Updated: 2022-08-10 · CVE-2019-10929
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SIMATIC CP 1626 (All versions)
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V20.8)
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8)
SIMATIC HMI Panel (incl. SIPLUS variants) (All versions)
SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14)
SIMATIC NET PC Software V15 (All versions)
SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0)
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1)
SIMATIC S7-1500 Software Controller (All versions < V20.8)
SIMATIC S7-PLCSIM Advanced (All versions < V3.0)
SIMATIC STEP 7 (TIA Portal) (All versions < V16)
SIMATIC WinCC (TIA Portal) (All versions < V16)
SIMATIC WinCC OA (All versions < V3.16 P013)
SIMATIC WinCC Runtime Advanced (All versions < V16)
SIMATIC WinCC Runtime Professional (All versions < V16)
TIM 1531 IRC (incl. SIPLUS NET variants) (All versions < V2.1)
Description
The affected devices contain a message protection bypass vulnerability due to certain properties in the calculation used for integrity protection. This could allow an attacker in a Man-in-the-Middle position to modify network traffic sent on port 102/tcp to the affected devices.
Recommendations
For SIMATIC CP 1626, update to a version that addresses the vulnerability.
For SIMATIC ET 200SP Open Controller CPU 1515SP PC and SIMATIC ET 200SP Open Controller CPU 1515SP PC2, update to version V20.8 or later.
For SIMATIC HMI Panel, update to a version that addresses the vulnerability.
For SIMATIC NET PC Software V14, update to V14 SP1 Update 14 or later.
For SIMATIC NET PC Software V15, update to a version that addresses the vulnerability.
For SIMATIC S7-1200 CPU family, update to version V4.4.0 or later.
For SIMATIC S7-1500 CPU family, update to version V2.8.1 or later.
For SIMATIC S7-1500 Software Controller, update to version V20.8 or later.
For SIMATIC S7-PLCSIM Advanced, update to version V3.0 or later.
For SIMATIC STEP 7 (TIA Portal) and SIMATIC WinCC (TIA Portal), update to version V16 or later.
For SIMATIC WinCC OA, update to version V3.16 P013 or later.
For SIMATIC WinCC Runtime Advanced and SIMATIC WinCC Runtime Professional, update to version V16 or later.
For TIM 1531 IRC, update to version V2.1 or later.
Fix
Weakness Enumeration
Use of a Broken Cryptographic Algorithm
Affected Products
SIMATIC CP 1626
SIMATIC ET 200SP Open Controller CPU 1515SP PC
SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SIMATIC HMI Panels
SIMATIC NET PC
SIMATIC S7-1200 CPU
SIMATIC S7-1500 CPU
SIMATIC S7-1500 Software Controller
SIMATIC S7-PLCSIM Advanced
SIMATIC STEP 7
SIMATIC WinCC
SIMATIC WinCC Runtime Advanced
SIMATIC WinCC Runtime Professional
TIM 1531 IRC