CVE-2019-6572

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Published : 2019-05-14 20:29 Updated : 2019-05-22 16:29

6.4
CVSS Score More info
Score 6.4 / 10
6.4
Vendor Product Version URI
Siemens Simatic Wincc Runtime - cpe:/a:siemens:simatic_wincc_runtime:-::~~advanced~~~
Siemens Simatic Hmi Mp Firmware cpe:/o:siemens:simatic_hmi_mp_firmware
Siemens Simatic Hmi Op Firmware cpe:/o:siemens:simatic_hmi_op_firmware
Siemens Simatic Hmi Tp Firmware cpe:/o:siemens:simatic_hmi_tp_firmware
  1. Siemens (4) Search CVE
    1. Simatic Wincc Runtime (1) Search CVE
      1. -
    2. Simatic Hmi Mp Firmware (1) Search CVE
    3. Simatic Hmi Op Firmware (1) Search CVE
    4. Simatic Hmi Tp Firmware (1) Search CVE

CWE

ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE

History of changes

Date Event
2019-05-22 16:29
2019-05-17 14:49
2019-05-14 20:29

New CVE