PT-2019-2103 · Siemens · Simatic Wincc+2

Published: 2019-05-14 · Updated: 2021-11-02 · CVE-2019-10917

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SIMATIC PCS 7 versions V8.0 through V8.1 before V8.1 with WinCC V7.3 Upd 19
SIMATIC PCS 7 versions V8.2 through V8.2 before SP1 with WinCC V7.4 SP1 Upd11
SIMATIC PCS 7 versions V9.0 through V9.0 before SP2 with WinCC V7.4 SP1 Upd11
SIMATIC WinCC (TIA Portal) version V13
SIMATIC WinCC (TIA Portal) versions V14 through V14 before SP1 Upd 9
SIMATIC WinCC (TIA Portal) versions V15 through V15 before V15.1 Upd 3
SIMATIC WinCC Runtime Professional version V13
SIMATIC WinCC Runtime Professional versions V14 through V14 before V14.1 Upd 8
SIMATIC WinCC Runtime Professional versions V15 through V15 before V15.1 Upd 3
SIMATIC WinCC versions V7.2 and earlier
SIMATIC WinCC versions V7.3 through V7.3 before Upd 19
SIMATIC WinCC versions V7.4 through V7.4 before SP1 Upd 11
SIMATIC WinCC versions V7.5 through V7.5 before Upd 3

Description

The issue is related to insufficient input validation in Siemens SIMATIC products. An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file and lets the attacker compromise the availability of the affected system. At the time of advisory publication, no public exploitation of this security issue was known.

Recommendations

For SIMATIC PCS 7 versions V8.0 through V8.1 before V8.1 with WinCC V7.3 Upd 19, update to V8.1 with WinCC V7.3 Upd 19 or later.
For SIMATIC PCS 7 versions V8.2 through V8.2 before SP1 with WinCC V7.4 SP1 Upd11, update to V8.2 SP1 with WinCC V7.4 SP1 Upd11 or later.
For SIMATIC PCS 7 versions V9.0 through V9.0 before SP2 with WinCC V7.4 SP1 Upd11, update to V9.0 SP2 with WinCC V7.4 SP1 Upd11 or later.
For SIMATIC WinCC (TIA Portal) version V13, update to a version later than V13.
For SIMATIC WinCC (TIA Portal) versions V14 through V14 before SP1 Upd 9, update to V14 SP1 Upd 9 or later.
For SIMATIC WinCC (TIA Portal) versions V15 through V15 before V15.1 Upd 3, update to V15.1 Upd 3 or later.
For SIMATIC WinCC Runtime Professional version V13, update to a version later than V13.
For SIMATIC WinCC Runtime Professional versions V14 through V14 before V14.1 Upd 8, update to V14.1 Upd 8 or later.
For SIMATIC WinCC Runtime Professional versions V15 through V15 before V15.1 Upd 3, update to V15.1 Upd 3 or later.
For SIMATIC WinCC versions V7.2 and earlier, update to a version later than V7.2.
For SIMATIC WinCC versions V7.3 through V7.3 before Upd 19, update to V7.3 Upd 19 or later.
For SIMATIC WinCC versions V7.4 through V7.4 before SP1 Upd 11, update to V7.4 SP1 Upd 11 or later.
For SIMATIC WinCC versions V7.5 through V7.5 before Upd 3, update to V7.5 Upd 3 or later.

Fix

DoS

Improper Handling of Exceptional Conditions

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-01859
CVE-2019-10917

Affected Products

Simatic Pcs 7
Simatic Wincc
Simatic Wincc Runtime Professional