CVE-2019-13945

Published: Dic 12, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-5212 Aliases: GSD-2019-13945

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,8

Source: [email protected]

Attack Vector: physical

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

MEDIUM 4,6

Source: [email protected]

Access Vector: local

Access Complexity: low

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

AI Generated Translation

È stata identificata una vulnerabilità nella famiglia di CPU SIMATIC S7-1200 (incluse varianti SIPLUS) (Tutte le versioni), famiglia di CPU SIMATIC S7-1200 < V4.x (incluse varianti SIPLUS) (Tutte le versioni), famiglia di CPU SIMATIC S7-1200 V4.x (incluse varianti SIPLUS) (Tutte le versioni con Function State (FS) < 11), CPU SIMATIC S7-200 SMART CR20s (6ES7 288-1CR20-0AA1) (Tutte le versioni <= V2.3.0 e Function State (FS) <= 3), CPU SIMATIC S7-200 SMART CR30s (6ES7 288-1CR30-0AA1) (Tutte le versioni <= V2.3.0 e Function State (FS) <= 3), CPU SIMATIC S7-200 SMART CR40 (6ES7 288-1CR40-0AA0) (Tutte le versioni <= V2.2.2 e Function State (FS) <= 8), CPU SIMATIC S7-200 SMART CR40s (6ES7 288-1CR40-0AA1) (Tutte le versioni <= V2.3.0 e Function State (FS) <= 3), CPU SIMATIC S7-200 SMART CR60 (6ES7 288-1CR60-0AA0) (Tutte le versioni <= V2.2.2 e Function State (FS) <= 10), CPU SIMATIC S7-200 SMART CR60s (6ES7 288-1CR60-0AA1) (Tutte le versioni <= V2.3.0 e Function State (FS) <= 3), CPU SIMATIC S7-200 SMART SR20 (6ES7 288-1SR20-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 11), CPU SIMATIC S7-200 SMART SR30 (6ES7 288-1SR30-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 10), CPU SIMATIC S7-200 SMART SR40 (6ES7 288-1SR40-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 10), CPU SIMATIC S7-200 SMART SR60 (6ES7 288-1SR60-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 12), CPU SIMATIC S7-200 SMART ST20 (6ES7 288-1ST20-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 9), CPU SIMATIC S7-200 SMART ST30 (6ES7 288-1ST30-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 9), CPU SIMATIC S7-200 SMART ST40 (6ES7 288-1ST40-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 8), CPU SIMATIC S7-200 SMART ST60 (6ES7 288-1ST60-0AA0) (Tutte le versioni <= V2.5.0 e Function State (FS) <= 8), famiglia di CPU SIMATIC S7-200 SMART (Tutte le versioni). Esiste una modalità di accesso utilizzata durante la produzione dei dispositivi interessati che consente funzionalità diagnostiche aggiuntive. La vulnerabilità di sicurezza potrebbe essere sfruttata da un attaccante con accesso fisico all'interfaccia UART durante il processo di avvio.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0015

Percentile

0,4th

Updated

EPSS Score Trend (Last 91 Days)

749

Exposed Dangerous Method or Function

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control Other

Potential Impacts:

Gain Privileges Or Assume Identity Read Application Data Modify Application Data Execute Unauthorized Code Or Commands Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Low

View CWE Details

Operating System

Simatic S7-200 Smart Cpu Cr40 Firmware by Siemens

Product Information

Vendor Siemens

Product Simatic S7-200 Smart Cpu Cr40 Firmware

Version Range Affected

To 2.2.2 (inclusive)

CPE Identifier

CVE-2019-13945

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 91 Days)

Exposed Dangerous Method or Function

Common Consequences

Applicable Platforms

Simatic S7-200 Smart Cpu Cr40 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Cr60 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu St30 Firmware by Siemens

Product Information

S7-200 Smart Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Sr30 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu St60 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Sr40 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Cr40S Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Cr30S Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu St40 Firmware by Siemens

Product Information

Simatic S7-1200 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu St20 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Sr60 Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Cr20S Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Cr60S Firmware by Siemens

Product Information

Simatic S7-200 Smart Cpu Sr20 Firmware by Siemens

Product Information

Iscriviti alla newsletter