PT-2019-12091 · Siemens · SIMATIC ET 200SP Open Controller CPU 1515SP PC2 +6

Published: 2019-08-13 · Updated: 2022-08-10 · CVE-2019-10943

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

SIMATIC Drive Controller family: versions prior to the fixed release (version not specified)
SIMATIC ET 200SP Open Controller CPU 1515SP PC: versions prior to the fixed release (version not specified)
SIMATIC ET 200SP Open Controller CPU 1515SP PC2: versions prior to V20.8
SIMATIC S7-1200 CPU family: versions prior to V4.4.0
SIMATIC S7-1500 CPU family: versions prior to V2.8.1
SIMATIC S7-1500 Software Controller: versions prior to V20.8
SIMATIC S7-PLCSIM Advanced: versions prior to V3.0

Description

A vulnerability has been identified that could allow an attacker with network access to port 102/tcp to modify the user program on the PLC, potentially altering the running code so that it differs from the source code stored on the device. This could impact the perceived integrity of the user program stored on the CPU. An attacker must have network access to affected devices and be able to perform changes to the user program. If an engineer attempts to obtain the code of the user program running on the device, they may receive source code that differs from what is actually running on the device.

Recommendations

SIMATIC Drive Controller family: update to a version that contains a fix for this issue.
SIMATIC ET 200SP Open Controller CPU 1515SP PC: update to a version that contains a fix for this issue.
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V20.8: update to V20.8 or later.
SIMATIC S7-1200 CPU family versions prior to V4.4.0: update to V4.4.0 or later.
SIMATIC S7-1500 CPU family versions prior to V2.8.1: update to V2.8.1 or later.
SIMATIC S7-1500 Software Controller versions prior to V20.8: update to V20.8 or later.
SIMATIC S7-PLCSIM Advanced versions prior to V3.0: update to V3.0 or later.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2019-10943

Affected Products

SIMATIC Drive Controller
SIMATIC ET 200SP Open Controller CPU 1515SP PC
SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SIMATIC S7-1200 CPU
SIMATIC S7-1500 CPU
SIMATIC S7-1500 Software Controller
SIMATIC S7-PLCSIM Advanced