Skip to main content

Cp1604 Firmware CVE-2019-6568

HIGH
Out-of-bounds Read (CWE-125)
2019-04-17 productcert@siemens.com
Denial Of Service Buffer Overflow Information Disclosure Cp1604 Firmware Cp1616 Firmware Simatic Rf185C Firmware Simatic Cp343 1 Advanced Firmware Simatic Cp443 1 Firmware Simatic Cp443 1 Advanced Firmware Simatic Et 200 Sp Open Controller Cpu 1515Sp Pc Firmware Simatic Et 200 Sp Open Controller Cpu 1515Sp Pc2 Firmware Simatic Hmi Comfort Outdoor Panels Firmware Simatic Hmi Comfort Panels Firmware Simatic Hmi Ktp Mobile Panels Ktp400F Firmware Simatic Hmi Ktp Mobile Panels Ktp700 Firmware Simatic Hmi Ktp Mobile Panels Ktp700F Firmware Simatic Hmi Ktp Mobile Panels Ktp900 Firmware Simatic Hmi Ktp Mobile Panels Ktp900F Firmware Simatic Cp443 1 Opc Ua Simatic Ipc Diagmonitor Simatic S7 1500 Software Controller Simatic S7 Plcsim Advanced Simatic Wincc Runtime Advanced Sitop Manager Simatic Rf600R Firmware Simatic Rf188C Firmware Simatic Rf186C Firmware Simatic Rf182C Firmware Simatic Rf181 Eip Firmware Simatic S7 1500 Firmware Simatic S7 300 Firmware Simatic S7 400 Pn Firmware Simatic S7 400 Pn Dp Firmware Simatic Teleservice Adapter Ie Advanced Firmware Simatic Teleservice Adapter Ie Basic Firmware Simatic Teleservice Adapter Ie Standard Firmware Simatic Winac Rtx Firmware Simocode Pro V Eip Firmware Simocode Pro V Pn Firmware Sinamics G130 Firmware Sinamics G150 Firmware Sinamics S120 Firmware Sinamics S150 Firmware Sinamics S210 Firmware Sitop Psu8600 Firmware Sitop Ups1600 Firmware Tim 1531 Irc Firmware Simatic S7 1500F Firmware Simatic S7 1500S Firmware Simatic S7 1500T Firmware Sinamics Gh150 Firmware Sinamics Gl150 Firmware Sinamics Gm150 Firmware Sinamics Sl150 Firmware Sinamics Sm120 Firmware Sinamics Sm150 Firmware
7.5
CVSS 3.1 · Vendor: siemens
Share

Severity by source

Vendor (siemens) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (siemens) · only source for this CVE.

CVSS VectorVendor: siemens

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 17, 2019 - 14:29 cve.org
HIGH 7.5

DescriptionCVE.org

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device.

The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

AnalysisAI

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Affected products include: Siemens Cp1604 Firmware, Siemens Cp1616 Firmware, Siemens Simatic Rf185C Firmware, Siemens Simatic Cp343-1 Advanced Firmware, Siemens Simatic Cp443-1 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

Share

CVE-2019-6568 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy