// For flags

CVE-2019-6577

 

Severity Score

5.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.

Ha sido identificada una vulnerabilidad en SIMATIC HMI Comfort Panels 4" - 22" (Todas las versiones anteriores a la V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (Todas las versiones anteriores a la V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 y KTP900F (Todas las versiones anteriores a la V15.1 Update 1), SIMATIC WinCC Runtime Advanced (Todas las versiones anteriores a la V15.1 Update 1), SIMATIC WinCC Runtime Professional (Todas las versiones anteriores a la V15.1 Update 1), SIMATIC WinCC (TIA Portal) (Todas las versiones anteriores a la V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (Todas las versiones). El servidor web integrado podría permitir ataques de Cross-Site Scripting (XSS) si un atacante puede modificar partes particulares de la configuración del dispositivo por medio de SNMP. La vulnerabilidad de la seguridad podría ser explotada por un atacante con acceso de red al sistema afectado. La explotación con éxito requiere privilegios del sistema e interacción del usuario. Un atacante podría utilizar la vulnerabilidad para comprometer la confidencialidad y la integridad del sistema afectado. En la etapa de publicación de este aviso de seguridad no se conoce ninguna explotación pública.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-22 CVE Reserved
  • 2019-05-14 CVE Published
  • 2024-05-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 Simatic Hmi Comfort Panels Firmware
Search vendor "Siemens" for product "Simatic Hmi Comfort Panels Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Comfort Panels Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Comfort Panels
Search vendor "Siemens" for product "Simatic Hmi Comfort Panels"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Comfort Outdoor Panels Firmware
Search vendor "Siemens" for product "Simatic Hmi Comfort Outdoor Panels Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Comfort Outdoor Panels Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Comfort Outdoor Panels
Search vendor "Siemens" for product "Simatic Hmi Comfort Outdoor Panels"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp400f Firmware
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp400f Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp400f Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp400f
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp400f"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp700 Firmware
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700 Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700 Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp700
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp700f Firmware
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700f Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700f Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp700f
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700f"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp900 Firmware
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900 Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900 Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp900
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp900f Firmware
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900f Firmware"
 < 15.1
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900f Firmware" and version " < 15.1"
-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Ktp Mobile Panels Ktp900f
Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900f"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Tp Firmware
Search vendor "Siemens" for product "Simatic Hmi Tp Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Tp
Search vendor "Siemens" for product "Simatic Hmi Tp"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Mp Firmware
Search vendor "Siemens" for product "Simatic Hmi Mp Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Mp
Search vendor "Siemens" for product "Simatic Hmi Mp"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Hmi Op Firmware
Search vendor "Siemens" for product "Simatic Hmi Op Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
 Simatic Hmi Op
Search vendor "Siemens" for product "Simatic Hmi Op"
--
Safe
Siemens
Search vendor "Siemens"
 Simatic Wincc \(tia Portal\)
Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)"
 < 15.1
Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)" and version " < 15.1"
-
Affected
Siemens
Search vendor "Siemens"
 Simatic Wincc Runtime
Search vendor "Siemens" for product "Simatic Wincc Runtime"
 < 15.1
Search vendor "Siemens" for product "Simatic Wincc Runtime" and version " < 15.1"
advanced
Affected
Siemens
Search vendor "Siemens"
 Simatic Wincc Runtime
Search vendor "Siemens" for product "Simatic Wincc Runtime"
 < 15.1
Search vendor "Siemens" for product "Simatic Wincc Runtime" and version " < 15.1"
professional
Affected