Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-19281

UNKNOWN
Published 2020-03-10T19:16:17
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-19281. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Siemens AG

SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)

Affected Versions:

All versions >= V2.5 and < V20.8
Siemens AG

SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)

Affected Versions:

All versions >= V2.5 and < V2.8
Siemens AG

SIMATIC S7-1500 Software Controller

Affected Versions:

All versions >= V2.5 and < V20.8

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-4cqc-hc5r-xhj6

Advisory Details

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V2.5 and < V20.8), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 and < V2.8), SIMATIC S7-1500 Software Controller (All versions >= V2.5 and < V20.8). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a Denial-of-Service condition. The vulnerability can be triggered if specially crafted UDP packets are sent to the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the device availability.

CVSS Scoring

CVSS Score

7.5

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-19281
WEB https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf
WEB https://www.us-cert.gov/ics/advisories/icsa-20-042-11

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf
https://www.us-cert.gov/ics/advisories/icsa-20-042-11
Published: 2020-03-10T19:16:17
Last Modified: 2024-08-05T02:09:39.528Z
Copied to clipboard!