CVE-2019-19300
https://notcve.org/view.php?id=CVE-2019-19300
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. • https://cert-portal.siemens.com/productcert/html/ssa-593272.html https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-19281
https://notcve.org/view.php?id=CVE-2019-19281
A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. • https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf https://www.us-cert.gov/ics/advisories/icsa-20-042-11 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-10936
https://notcve.org/view.php?id=CVE-2019-10936
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Se ha identificado una vulnerabilidad en Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Kits de desarrollo/evaluación para PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. variantes SIPLUS), SIMATIC ET200AL, SIMATIC ET200M (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN BA (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN HF (incl. variantes SIPLUS), SIMATIC ET200MP IM155-5 PN ST (incl. variantes SIPLUS) SIPLUS), SIMATIC ET200S (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN BA (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HA (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HF (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN HS (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN ST (incl. variantes SIPLUS). SIPLUS), SIMATIC ET200SP IM155-6 PN/2 HF (incl. variantes SIPLUS), SIMATIC ET200SP IM155-6 PN/3 HF (incl. variantes SIPLUS) variantes SIPLUS), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200pro, paneles exteriores SIMATIC HMI Comfort de 7" y 15" (incl. variantes SIPLUS), paneles SIMATIC HMI Comfort de 4" a 22" (incl. variantes SIPLUS), paneles móviles SIMATIC HMI KTP, acoplador SIMATIC PN/PN (incl. variantes SIPLUS NET), driver SIMATIC PROFINET, familia de CPUs SIMATIC S7-1200 (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-1500 (incl. variantes SIPLUS). CPUs ET200 y variantes SIPLUS), SIMATIC S7-1500 Software Controller, familia de CPUs SIMATIC S7-300 (incl. CPUs ET200 y variantes SIPLUS), familia de CPUs SIMATIC S7-400 H V6 (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-400 PN/DP V6 e inferiores (incl. variantes SIPLUS), familia de CPUs SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS), SIMATIC S7-400 PN/DP V7 (incl. variantes SIPLUS). • https://cert-portal.siemens.com/productcert/html/ssa-473245.html https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-10943
https://notcve.org/view.php?id=CVE-2019-10943
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf • CWE-345: Insufficient Verification of Data Authenticity CWE-353: Missing Support for Integrity Check •
CVE-2019-10929
https://notcve.org/view.php?id=CVE-2019-10929
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC HMI Panel (incl. SIPLUS variants) (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC STEP 7 (TIA Portal) (All versions < V16), SIMATIC WinCC (TIA Portal) (All versions < V16), SIMATIC WinCC OA (All versions < V3.16 P013), SIMATIC WinCC Runtime Advanced (All versions < V16), SIMATIC WinCC Runtime Professional (All versions < V16), TIM 1531 IRC (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf https://www.us-cert.gov/ics/advisories/icsa-19-344-04 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •