Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-19282
HistoryMar 10, 2020 - 8:15 p.m.

CVE-2019-19282

2020-03-1020:15:18
CWE-131
[email protected]
web.nvd.nist.gov
30
cve-2019-19282
siemens
openpcs 7
simatic batch
simatic net pc software
simatic pcs 7
simatic route control
simatic wincc
tia portal
denial-of-service
nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.
Successful exploitation requires no system privileges and no user interaction.

Affected configurations

NVD
Node
siemensopenpcs_7Match9.0-
OR
siemensopenpcs_7Match9.0_update_1
OR
siemenssimatic_batchMatch9.0-
OR
siemenssimatic_batchMatch9.0sp1
OR
siemenssimatic_batchMatch9.0sp1_update_1
OR
siemenssimatic_batchMatch9.0sp1_update_2
OR
siemenssimatic_batchMatch9.0sp1_update_3
OR
siemenssimatic_batchMatch9.0sp1_update_4
OR
siemenssimatic_net_pcRange<16
OR
siemenssimatic_net_pcMatch16-
OR
siemenssimatic_pcs_7Match8.1
OR
siemenssimatic_pcs_7Match8.2
OR
siemenssimatic_pcs_7Match9.0-
OR
siemenssimatic_pcs_7Match9.0sp1
OR
siemenssimatic_pcs_7Match9.0sp2
OR
siemenssimatic_route_controlRange<9.0
OR
siemenssimatic_route_controlMatch9.0-
OR
siemenssimatic_winccMatch7.4-
OR
siemenssimatic_winccMatch7.4sp1
OR
siemenssimatic_winccMatch7.4sp1_update_1
OR
siemenssimatic_winccMatch7.4sp1_update_10
OR
siemenssimatic_winccMatch7.4sp1_update_11
OR
siemenssimatic_winccMatch7.4sp1_update_12
OR
siemenssimatic_winccMatch7.4sp1_update_13
OR
siemenssimatic_winccMatch7.4sp1_update_2
OR
siemenssimatic_winccMatch7.4sp1_update_3
OR
siemenssimatic_winccMatch7.4sp1_update_4
OR
siemenssimatic_winccMatch7.4sp1_update_5
OR
siemenssimatic_winccMatch7.4sp1_update_6
OR
siemenssimatic_winccMatch7.4sp1_update_7
OR
siemenssimatic_winccMatch7.4sp1_update_8
OR
siemenssimatic_winccMatch7.4sp1_update_9
OR
siemenssimatic_winccMatch7.5-
OR
siemenssimatic_winccMatch7.5sp1-
OR
siemenssimatic_winccMatch7.5.1-
OR
siemenssimatic_winccMatch13-
OR
siemenssimatic_winccMatch13sp1
OR
siemenssimatic_winccMatch14.0.1
OR
siemenssimatic_winccMatch15.1-
OR
siemenssimatic_winccMatch15.1update_1
OR
siemenssimatic_winccMatch15.1update_2
OR
siemenssimatic_winccMatch15.1update_3
OR
siemenssimatic_winccMatch15.1update_4
OR
siemenssimatic_winccMatch16-

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "OpenPCS 7 V8.1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "OpenPCS 7 V8.2",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "OpenPCS 7 V9.0",
    "versions": [
      {
        "version": "All versions < V9.0 Upd3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC BATCH V8.1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC BATCH V8.2",
    "versions": [
      {
        "version": "All versions < V8.2 Upd12",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC BATCH V9.0",
    "versions": [
      {
        "version": "All versions < V9.0 SP1 Upd5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC NET PC Software V14",
    "versions": [
      {
        "version": "All versions < V14 SP1 Update 14",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC NET PC Software V15",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC NET PC Software V16",
    "versions": [
      {
        "version": "All versions < V16 Update 1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS 7 V8.1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS 7 V8.2",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC PCS 7 V9.0",
    "versions": [
      {
        "version": "All versions < V9.0 SP3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Route Control V8.1",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Route Control V8.2",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC Route Control V9.0",
    "versions": [
      {
        "version": "All versions < V9.0 Upd4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC (TIA Portal) V13",
    "versions": [
      {
        "version": "All versions < V13 SP2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC (TIA Portal) V14",
    "versions": [
      {
        "version": "All versions < V14 SP1 Update 10",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC (TIA Portal) V15.1",
    "versions": [
      {
        "version": "All versions < V15.1 Update 5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC (TIA Portal) V16",
    "versions": [
      {
        "version": "All versions < V16 Update 1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.3",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.4",
    "versions": [
      {
        "version": "All versions < V7.4 SP1 Update 14",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMATIC WinCC V7.5",
    "versions": [
      {
        "version": "All versions < V7.5 SP1 Update 1",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

nvd 1
ics 1
prion 1
cvelist 1
nvd
nvd
CVE-2019-19282
2020-03-10 20:15:18
ics
ics
Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update G)
2022-04-14 12:00:00
prion
prion
Design/Logic Flaw
2020-03-10 20:15:00
cvelist
cvelist
CVE-2019-19282
2020-03-10 19:16:17

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.6%

JSON
Related for CVE-2019-19282
nvd1ics1prion1cvelist1