PT-2019-2106 · Siemens · Simatic Hmi Classic Devices+6

Published: 2019-05-14 · Updated: 2020-10-06 · CVE-2019-6572

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC HMI Comfort Panels 4" - 22" versions prior to V15.1 Update 1
SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Update 1
SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F versions prior to V15.1 Update 1
SIMATIC WinCC Runtime Advanced versions prior to V15.1 Update 1
SIMATIC WinCC Runtime Professional versions prior to V15.1 Update 1
SIMATIC WinCC (TIA Portal) versions prior to V15.1 Update 1
SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) versions prior to V15.1 Update 1

Description

The issue is related to errors in permission management, allowing an attacker to gain read and write access to SNMP using a hardcoded community string. Successful exploitation requires network access to the affected device and no system privileges or user interaction. This could compromise the confidentiality and integrity of the affected system.

Recommendations

For SIMATIC HMI Comfort Panels 4" - 22" versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC WinCC Runtime Advanced versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC WinCC Runtime Professional versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC WinCC (TIA Portal) versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.
For SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) versions prior to V15.1 Update 1, update to V15.1 Update 1 or later.

Fix

Using Hardcoded Credentials

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2019-01862
CVE-2019-6572

Affected Products

Simatic Hmi Classic Devices
Simatic Hmi Comfort Outdoor Panels
Simatic Hmi Comfort Panels
Simatic Hmi Ktp Mobile Panels
Simatic Wincc
Simatic Wincc Runtime Advanced
Simatic Wincc Runtime Professional