PT-2020-2436 · Siemens · Simatic Route Control+5

Published: 2020-02-11 · Updated: 2023-04-11

CVE-2019-19282

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

OpenPCS 7 versions 8.1 through 9.0
SIMATIC BATCH versions 8.1 through 9.0
SIMATIC NET PC Software versions 14 through 16
SIMATIC PCS 7 versions 8.1 through 9.0
SIMATIC Route Control versions 8.1 through 9.0
SIMATIC WinCC (TIA Portal) versions 13 through 16
SIMATIC WinCC versions 7.3 through 7.5

Description

The issue is related to a buffer restriction for downloaded data. An attacker with network access could exploit this to compromise system availability by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

Recommendations

For OpenPCS 7 versions 8.1 through 9.0, update to a version that includes the necessary security patches.
For SIMATIC BATCH versions 8.1 through 9.0, apply the recommended security updates.
For SIMATIC NET PC Software versions 14 through 16, install the latest security patches.
For SIMATIC PCS 7 versions 8.1 through 9.0, update to a patched version to resolve the issue.
For SIMATIC Route Control versions 8.1 through 9.0, apply the necessary security fixes.
For SIMATIC WinCC (TIA Portal) versions 13 through 16, update to the latest version that includes security patches.
For SIMATIC WinCC versions 7.3 through 7.5, install the recommended security updates.

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2020-02442
CVE-2019-19282

Affected Products

Openpcs 7
Simatic Batch
Simatic Net Pc
Simatic Pcs 7
Simatic Route Control
Simatic Wincc