CVE-2019-13945
PUBLISHED
CVSS 6.8 MEDIUM
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known.
EPSS 0.14% · 34.5th percentile
Risk Scores
CVSS v3.1
6.8
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.14%
34.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | simatic_s7-200_smart_cpu_cr60s_firmware | 0 |
| Siemens AG | SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) | * |
| Siemens AG | SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) | All versions |
| siemens | simatic_s7-200_smart_cpu_st20_firmware | 0 |
| Siemens AG | SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) | All versions <= V2.2.2 and Function State (FS) <= 10 |
| siemens | simatic_s7-1200_firmware | |
| siemens | simatic_s7-200_smart_cpu_st40_firmware | 0 |
| Siemens AG | SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) | All versions <= V2.5.0 and Function State (FS) <= 11 |
| Siemens AG | SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) | * |
| Siemens AG | SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) | All versions <= V2.5.0 and Function State (FS) <= 12 |
| Siemens AG | SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) | All versions <= V2.5.0 and Function State (FS) <= 10 |
| Siemens AG | SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) | All versions <= V2.3.0 and Function State (FS) <= 3 |
| siemens | simatic_s7-200_smart_cpu_cr20s_firmware | 0 |
| siemens | simatic_s7-200_smart_cpu_sr60_firmware | 0 |
| Siemens AG | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | * |
| siemens | simatic_s7-200_smart_cpu_st30_firmware | 0 |
| Siemens AG | SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) | All versions <= V2.5.0 and Function State (FS) <= 9 |
| siemens | simatic_s7-200_smart_cpu_sr40_firmware | 0 |
| siemens | simatic_s7-200_smart_cpu_cr40_firmware | 0 |
| siemens | simatic_s7-200_smart_cpu_sr30_firmware | 0 |
…and 14 more
Timeline
- Nov 12, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-451445.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-344983.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-618620.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-525454.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-13945 advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf advisory