CVE-2019-19282

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

CVSS v3 7.5 HIGH
CVSS v2.0 7.1 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:openpcs_7:9.0:-::::::
	cpe:2.3:a:siemens:openpcs_7:9.0_update_1:::::::*
	cpe:2.3:a:siemens:simatic_batch:9.0:-::::::
	cpe:2.3:a:siemens:simatic_batch:9.0:sp1::::::
	cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1::::::
	cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2::::::
	cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3::::::
	cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4::::::
	cpe:2.3:a:siemens:simatic_net_pc::::::::
	cpe:2.3:a:siemens:simatic_net_pc:16:-::::::
	cpe:2.3:a:siemens:simatic_pcs_7:8.1:::::::*
	cpe:2.3:a:siemens:simatic_pcs_7:8.2:::::::*
	cpe:2.3:a:siemens:simatic_pcs_7:9.0:-::::::
	cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1::::::
	cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2::::::
	cpe:2.3:a:siemens:simatic_route_control::::::::
	cpe:2.3:a:siemens:simatic_route_control:9.0:-::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:-::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8::::::
	cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9::::::
	cpe:2.3:a:siemens:simatic_wincc:7.5:-::::::
	cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:::::*
	cpe:2.3:a:siemens:simatic_wincc:7.5.1:-::::::
	cpe:2.3:a:siemens:simatic_wincc:13:-::::::
	cpe:2.3:a:siemens:simatic_wincc:13:sp1::::::
	cpe:2.3:a:siemens:simatic_wincc:14.0.1:::::::*
	cpe:2.3:a:siemens:simatic_wincc:15.1:-::::::
	cpe:2.3:a:siemens:simatic_wincc:15.1:update_1::::::
	cpe:2.3:a:siemens:simatic_wincc:15.1:update_2::::::
	cpe:2.3:a:siemens:simatic_wincc:15.1:update_3::::::
	cpe:2.3:a:siemens:simatic_wincc:15.1:update_4::::::
	cpe:2.3:a:siemens:simatic_wincc:16:-::::::

History

21 Nov 2024, 04:34

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf - Vendor Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf - Vendor Advisory

12 Apr 2022, 10:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.	A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

12 Apr 2022, 09:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.	A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

Information

Published : 2020-03-10 20:15

Updated : 2024-11-21 04:34

NVD link : CVE-2019-19282

Mitre link : CVE-2019-19282

CVE.ORG link : CVE-2019-19282

JSON object : View

Products Affected

siemens

simatic_batch
simatic_pcs_7
simatic_route_control
simatic_wincc
openpcs_7
simatic_net_pc

CWE

CWE-131

Incorrect Calculation of Buffer Size

NVD-CWE-noinfo

{"id": "CVE-2019-19282", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-10T20:15:18.960", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-131"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition.\nSuccessful exploitation requires no system privileges and no user interaction."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en OpenPCS 7 V8.1 (Todas las versiones), OpenPCS 7 V8.2 (Todas las versiones), OpenPCS 7 V9.0 (Todas las versiones anteriores a V9.0 Upd3), SIMATIC BATCH V8.1 (Todas las versiones), SIMATIC BATCH V8.2 (Todas las versiones), SIMATIC BATCH V9.0 (Todas las versiones anteriores a V9. 0 SP1 Upd5), SIMATIC NET PC Software V14 (Todas las versiones anteriores a V14 SP1 Update 14), SIMATIC NET PC Software V15 (Todas las versiones), SIMATIC NET PC Software V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC PCS 7 V8.1 (Todas las versiones), SIMATIC PCS 7 V8.2 (Todas las versiones), SIMATIC PCS 7 V9.0 (Todas las versiones anteriores a V9. 0 SP3), SIMATIC Route Control V8.1 (Todas las versiones), SIMATIC Route Control V8.2 (Todas las versiones), SIMATIC Route Control V9.0 (Todas las versiones anteriores a V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (Todas las versiones anteriores a V13 SP2), SIMATIC WinCC (TIA Portal) V14 (Todas las versiones anteriores a V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15. 1 (Todas las versiones anteriores a V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (Todas las versiones anteriores a V16 Update 1), SIMATIC WinCC V7.3 (Todas las versiones), SIMATIC WinCC V7.4 (Todas las versiones anteriores a V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (Todas las versiones anteriores a V7.5 SP1 Update 1). A trav\u00e9s de mensajes especialmente dise\u00f1ados, cuando la comunicaci\u00f3n cifrada est\u00e1 habilitada, un atacante con acceso a la red podr\u00eda utilizar la vulnerabilidad para comprometer la disponibilidad del sistema causando una condici\u00f3n de denegaci\u00f3n de servicio. La explotaci\u00f3n exitosa no requiere privilegios del sistema ni interacci\u00f3n del usuario"}], "lastModified": "2024-11-21T04:34:29.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:openpcs_7:9.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CBF717A-B2D4-459C-894A-65622570645D"}, {"criteria": "cpe:2.3:a:siemens:openpcs_7:9.0_update_1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "957DDF70-1837-4E92-A707-944AD6ED4304"}, {"criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E54F6E83-C353-44FB-9F37-C03DA344A5DC"}, {"criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E19D98B-B40A-4589-8C26-7722C25EEC63"}, {"criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85CDD274-B2B4-4DB0-9917-C16B5D900006"}, {"criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B435D51-FFA2-4F19-9B51-404BB37D7F0D"}, {"criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFBBC7D6-D1D4-452E-A744-B490CF002354"}, {"criteria": "cpe:2.3:a:siemens:simatic_batch:9.0:sp1_update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98BC62E3-4C0B-481A-9274-B9C785F8FDC5"}, {"criteria": "cpe:2.3:a:siemens:simatic_net_pc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "744B5953-511F-42CA-80A0-DBE36A6AA144", "versionEndExcluding": "16"}, {"criteria": "cpe:2.3:a:siemens:simatic_net_pc:16:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496E3C43-5DA8-4983-8AC6-0F32454E22F3"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "858628AC-EA69-4D72-AE23-77A4A8DE2547"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4A75F15-8F47-4348-A85C-D94BBA8F9992"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A42E3FB0-6C66-4702-BDC8-39EEA54B5C0F"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AA0E077-AB19-473B-9454-8FED7188A2C4"}, {"criteria": "cpe:2.3:a:siemens:simatic_pcs_7:9.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19EA3CAD-E7CB-412F-A2EA-86A81EC25425"}, {"criteria": "cpe:2.3:a:siemens:simatic_route_control:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "885BA05F-BD8F-4DE9-BDD3-6C2C76418B05", "versionEndExcluding": "9.0"}, {"criteria": "cpe:2.3:a:siemens:simatic_route_control:9.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57073CE8-174E-429D-A721-AB14C7D16D4F"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B0BD5DE-C6EF-4B89-831B-DA34DB0D68F6"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2637C346-8AAF-481F-AFB0-BAD4254D14F4"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9589FF11-4F9B-40F6-A6C6-55405B9EE351"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DB57B3A-C3B6-4E61-9DAE-B12CEA8CD093"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA6B2933-9C44-480C-96DC-6DF8C88950AF"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45097864-DD87-4587-997B-792F0175472B"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FB24A30-0F93-430D-817E-05E4594C8823"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25237B9A-2E51-4F17-BD75-04D245CCC51D"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90643D49-9EFC-4B9A-99C8-266135DF2E00"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC4D7B24-91FF-4891-ABC3-683A6C72ADDA"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1DD77A4-1716-4793-AD73-79D04E3D2AEE"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E667123-6909-4DF2-8CEB-6E87E9FC48BC"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04A5C76A-5D6D-47F8-BEF7-503F9A89AD18"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E776629C-904C-49D6-BF3F-8520FA7D5DFA"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:sp1_update_9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "805DAA15-03A3-4F63-90F7-EA130E5136F2"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E79DA14E-419C-49BA-8E4F-2907E1D8937F"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5:sp1:-:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00A48A8E-C112-4778-8A7B-2386E88A0177"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:7.5.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3D10C7E-5FD5-4B37-884B-B450DE5F800B"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D9FE447-2090-47D2-8667-5DC7605089BB"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:13:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB4FFADC-51F0-439F-9F80-D2B2614FFC39"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:14.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5A7162-F1B5-4E74-99D6-4108AC4C49FC"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50B77C2A-4D66-4407-8CA4-99C43ED72DDB"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9794ED7E-EB17-4C95-B900-840A48758F03"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57E82CFE-4191-4055-A0BA-EAB7BE96D947"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DBBDAA-BCAE-4B63-BDFC-3DD70DAD9B7D"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:15.1:update_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5AF87C6-F8D6-4462-9DF5-B9D301002B1C"}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc:16:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4316924-9EF8-4835-A2E4-0C81F4DE473D"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-19282

7.5^/10

7.1^/10

Attach tags to `CVE-2019-19282`