CVE-2019-13945
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.
Se ha identificado una vulnerabilidad en la familia de CPU SIMATIC S7-1200 (incluidas las variantes SIPLUS) (Toas las versiones), SIMATIC S7-1200 CPU family < V4.x (incluidas las variantes SIPLUS) (Toas las versiones), SIMATIC S7-1200 CPU family V4.x (incluidas las variantes SIPLUS) (Toas las versiones with Function State (FS) anteriores a 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (Todas las versiones o igual a V2.3.0 y Function State (FS) anteriores o igual a 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (Todas las versiones o igual a V2.3.0 y Function State (FS) anteriores o igual a 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (Todas las versiones o igual a V2.2.2 y Function State (FS) anteriores o igual a 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (Todas las versiones o igual a V2.3.0 y Function State (FS) anteriores o igual a 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (Todas las versiones o igual a V2.2.2 y Function State (FS) anteriores o igual a 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (Todas las versiones o igual a V2.3.0 y Function State (FS) anteriores o igual a 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (Todas las versiones o igual a V2.5.0 y Function State (FS) anteriores o igual a 8), SIMATIC S7-200 SMART CPU family (Toas las versiones). Existe un modo de acceso utilizado durante la fabricación de CPU S7-1200 que permite una funcionalidad de diagnóstico adicional. La vulnerabilidad de seguridad podría ser explotada por un atacante con acceso físico a la interfaz UART durante el proceso de arranque
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-18 CVE Reserved
- 2019-12-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-749: Exposed Dangerous Method or Function
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf | 2020-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Simatic S7-1200 Firmware Search vendor "Siemens" for product "Simatic S7-1200 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-1200 Search vendor "Siemens" for product "Simatic S7-1200" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | S7-200 Smart Firmware Search vendor "Siemens" for product "S7-200 Smart Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | S7-200 Smart Search vendor "Siemens" for product "S7-200 Smart" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St20 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St20 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St20 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St20 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St20" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St30 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St30 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St30 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St30 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St30" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St40 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St40 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St40 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St40 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St40" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St60 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St60 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St60 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu St60 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu St60" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr20 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr20 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr20 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr20 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr20" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr30 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr30 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr30 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr30 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr30" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr40 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr40 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr40 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr40 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr40" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr60 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr60 Firmware" | <= 2.5.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr60 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Sr60 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Sr60" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr40 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr40 Firmware" | <= 2.2.2 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr40 Firmware" and version " <= 2.2.2" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr40 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr40" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr60 Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr60 Firmware" | <= 2.2.2 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr60 Firmware" and version " <= 2.2.2" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr60 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr60" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr20s Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr20s Firmware" | <= 2.3.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr20s Firmware" and version " <= 2.3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr20s Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr20s" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr30s Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr30s Firmware" | <= 2.3.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr30s Firmware" and version " <= 2.3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr30s Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr30s" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr40s Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr40s Firmware" | <= 2.3.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr40s Firmware" and version " <= 2.3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr40s Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr40s" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr60s Firmware Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr60s Firmware" | <= 2.3.0 Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr60s Firmware" and version " <= 2.3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic S7-200 Smart Cpu Cr60s Search vendor "Siemens" for product "Simatic S7-200 Smart Cpu Cr60s" | - | - |
Safe
|