PT-2020-2552 · Siemens · Simatic S7-1500 Software Controller+2

Published: 2020-03-10 · Updated: 2020-04-02 · CVE-2019-19281

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) versions 2.5 through 20.7
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions 2.5 through 2.7
SIMATIC S7-1500 Software Controller versions 2.5 through 20.7

Description

A vulnerability has been identified that allows an unauthenticated attacker to trigger a Denial-of-Service condition by sending specially crafted UDP packets to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems, requiring no system privileges and no user interaction. This could compromise the device availability.

Recommendations

For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) versions 2.5 through 20.7, update to version 20.8 or later.
For SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions 2.5 through 2.7, update to version 2.8 or later.
For SIMATIC S7-1500 Software Controller versions 2.5 through 20.7, update to version 20.8 or later.
As a temporary workaround, consider restricting network access to the affected systems to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-02580
CVE-2019-19281

Affected Products

SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SIMATIC S7-1500 CPU
SIMATIC S7-1500 Software Controller