CVE-2019-13940

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1214fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1214fc:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:s7-1200_cpu_1215fc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:s7-1200_cpu_1215fc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-1200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:siplus_cpu_1211c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:siplus_cpu_1212c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:siplus_cpu_1214c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:siplus_cpu_1215c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\/dp:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2dp:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_pn\/dp:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_dp:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_317-2_pn\/dp:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_319-3_pn\/dp:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-300_cpu_315-2_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-300_cpu_315-2_pn\/dp:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:siemens:siplus_s7-300_cpu_317-2_pn\/dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:siplus_s7-300_cpu_317-2_pn\/dp:v6:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_pn\/dp_cpu:v7:*:*:*:*:*:*:*

Configuration 25 (hide)

cpe:2.3:a:siemens:simatic_winac_rtx_\(f\)_2010:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:25

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf - Vendor Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.3

07 Nov 2023, 03:04

Type Values Removed Values Added
Summary A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition. A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.

Information

Published : 2020-02-11 16:15

Updated : 2024-11-21 04:25


NVD link : CVE-2019-13940

Mitre link : CVE-2019-13940

CVE.ORG link : CVE-2019-13940


JSON object : View

Products Affected

siemens

  • siplus_cpu_1212c
  • siplus_cpu_1215c_firmware
  • siplus_cpu_1212c_firmware
  • siplus_s7-300_cpu_315-2_dp_firmware
  • s7-1200_cpu_1215fc_firmware
  • siplus_cpu_1211c_firmware
  • simatic_s7-300_cpu_319-3_pn\/dp_firmware
  • simatic_s7-300_cpu_317-2_pn\/dp_firmware
  • simatic_winac_rtx_\(f\)_2010
  • siplus_s7-300_cpu_315-2_pn\/dp_firmware
  • siplus_cpu_1214c_firmware
  • simatic_s7-300_cpu_317-2_dp_firmware
  • s7-1200_cpu_1214c
  • s7-1200_cpu_1217c_firmware
  • siplus_cpu_1214c
  • s7-1200_cpu_1212c_firmware
  • s7-1200_cpu_1214c_firmware
  • s7-1200_cpu_1212c
  • s7-1200_cpu_1215fc
  • s7-1200_cpu_1215c_firmware
  • s7-1200_cpu_1211c_firmware
  • siplus_cpu_1215c
  • simatic_s7-300_cpu_315-2_pn\/dp
  • s7-1200_cpu_1212fc_firmware
  • simatic_s7-300_cpu_315-2dp
  • s7-1200_cpu_1217c
  • siplus_s7-300_cpu_317-2_pn\/dp_firmware
  • simatic_s7-400_pn\/dp_cpu
  • s7-1200_cpu_1214fc_firmware
  • s7-1200_cpu_1214fc
  • siplus_s7-300_cpu_314_firmware
  • siplus_s7-1200
  • s7-1200_cpu_1211c
  • simatic_s7-300_cpu_319-3_pn\/dp
  • simatic_s7-300_cpu_317-2_dp
  • s7-1200_cpu_1215c
  • siplus_s7-1200_firmware
  • siplus_cpu_1211c
  • siplus_s7-300_cpu_314
  • siplus_s7-300_cpu_315-2_pn\/dp
  • simatic_s7-300_cpu_315-2_pn\/dp_firmware
  • simatic_s7-300_cpu_317-2_pn\/dp
  • simatic_s7-400_pn\/dp_cpu_firmware
  • siplus_s7-300_cpu_315-2_dp
  • siplus_s7-300_cpu_317-2_pn\/dp
  • simatic_s7-300_cpu_315-2dp_firmware
  • s7-1200_cpu_1212fc
CWE
CWE-400

Uncontrolled Resource Consumption