PT-2021-9018 · Siemens · Simatic Hmi Comfort Panels+1
Published: 2021-05-12 · Updated: 2021-06-02 · CVE-2019-19276
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) versions prior to V16 Update 4
SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 4
Description
A vulnerability has been identified that can cause the SNMP service of affected devices to crash when specially crafted packets are sent to port 161/udp. This requires a manual restart of the device to resume operation of the service.
Recommendations
For SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) versions prior to V16 Update 4, update to V16 Update 4 or later.
For SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 4, update to V16 Update 4 or later.
As a temporary workaround, consider restricting access to port 161/udp to minimize the risk of exploitation.
Fix
Memory Corruption
Affected Products
Simatic Hmi Comfort Panels
Simatic Hmi Ktp Mobile Panels