← Back

CVE-2019-13940

nvd nist
Published: Feb 11, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.

Affected (24)

Siemens
24 products
S7 1200 Cpu 1211c Firmware
S7 1200 Cpu 1212c Firmware
S7 1200 Cpu 1214c Firmware
S7 1200 Cpu 1215c Firmware
S7 1200 Cpu 1217c Firmware
S7 1200 Cpu 1212fc Firmware
S7 1200 Cpu 1214fc Firmware
S7 1200 Cpu 1215fc Firmware
Siplus S7 1200 Firmware
Siplus Cpu 1211c Firmware
Siplus Cpu 1212c Firmware
Siplus Cpu 1214c Firmware
Siplus Cpu 1215c Firmware
Simatic S7 300 Cpu 315 2dp Firmware
Simatic S7 300 Cpu 315 2 Pn/dp Firmware
Simatic S7 300 Cpu 317 2 Dp Firmware
Simatic S7 300 Cpu 317 2 Pn/dp Firmware
Simatic S7 300 Cpu 319 3 Pn/dp Firmware
Siplus S7 300 Cpu 314 Firmware
Siplus S7 300 Cpu 315 2 Dp Firmware
Siplus S7 300 Cpu 315 2 Pn/dp Firmware
Siplus S7 300 Cpu 317 2 Pn/dp Firmware
Simatic S7 400 Pn/dp Cpu Firmware
Simatic Winac Rtx (f) 2010
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1211c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1211c
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1212c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1212c
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1214c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1214c
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1215c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1215c
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1217c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1217c
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1212fc Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1212fc
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1214fc Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1214fc
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
S7 1200 Cpu 1215fc Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
S7 1200 Cpu 1215fc
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus S7 1200 Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
Siplus S7 1200
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Cpu 1211c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
Siplus Cpu 1211c
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Cpu 1212c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
Siplus Cpu 1212c
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Cpu 1214c Firmware
Up to 4.1
Running on/withPlatform Versions
Siemens
Siplus Cpu 1214c
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus Cpu 1215c Firmware
Before 4.1
Running on/withPlatform Versions
Siemens
Siplus Cpu 1215c
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu 315 2dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu 315 2dp
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu 315 2 Pn/dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu 315 2 Pn/dp
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu 317 2 Dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu 317 2 Dp
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu 317 2 Pn/dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu 317 2 Pn/dp
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 300 Cpu 319 3 Pn/dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 300 Cpu 319 3 Pn/dp
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus S7 300 Cpu 314 Firmware
All versions
Running on/withPlatform Versions
Siemens
Siplus S7 300 Cpu 314
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus S7 300 Cpu 315 2 Dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Siplus S7 300 Cpu 315 2 Dp
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus S7 300 Cpu 315 2 Pn/dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Siplus S7 300 Cpu 315 2 Pn/dp
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siplus S7 300 Cpu 317 2 Pn/dp Firmware
All versions
Running on/withPlatform Versions
Siemens
Siplus S7 300 Cpu 317 2 Pn/dp
Version v6
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Simatic S7 400 Pn/dp Cpu Firmware
All versions
Running on/withPlatform Versions
Siemens
Simatic S7 400 Pn/dp Cpu
Version v7
Configuration Y
1 vulnerable
Vulnerable SoftwareAffected Versions
Simatic Winac Rtx (f) 2010
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: productcert@siemens.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.