Severity: 7.5
CWE-400

CVE-2019-13940

First published: Tue Feb 11 2020

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.

Credit: productcert@siemens.com

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens S7-1200 Cpu 1211c Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1211c | | |
| Siemens S7-1200 Cpu 1212c Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1212c | | |
| Siemens S7-1200 Cpu 1214c Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1214c | | |
| Siemens S7-1200 Cpu 1215c Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1215c | | |
| Siemens S7-1200 Cpu 1217c Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1217c | | |
| Siemens S7-1200 Cpu 1212fc Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1212fc | | |
| Siemens S7-1200 Cpu 1214fc Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1214fc | | |
| Siemens S7-1200 Cpu 1215fc Firmware | <4.1 | |
| Siemens S7-1200 Cpu 1215fc | | |
| Siemens Siplus S7-1200 Firmware | <4.1 | |
| Siemens Siplus S7-1200 | | |
| Siemens Siplus Cpu 1211c Firmware | <4.1 | |
| Siemens Siplus Cpu 1211c | | |
| Siemens Siplus Cpu 1212c Firmware | <4.1 | |
| Siemens Siplus Cpu 1212c | | |
| Siemens Siplus Cpu 1214c Firmware | <=4.1 | |
| Siemens Siplus Cpu 1214c | | |
| Siemens Siplus Cpu 1215c Firmware | <4.1 | |
| Siemens Siplus Cpu 1215c | | |
| Siemens Simatic S7-300 Cpu 319-3 Pn/dp Firmware | | |
| Siemens Simatic S7-300 Cpu 319-3 Pn/dp | | |
| Siemens Simatic S7-300 Cpu 315-2dp Firmware | | |
| Siemens Simatic S7-300 Cpu 315-2dp | | |
| Siemens Simatic S7-300 Cpu 315-2 Pn/dp Firmware | | |
| Siemens Simatic S7-300 Cpu 315-2 Pn/dp | | |
| Siemens Simatic S7-300 Cpu 317-2 Dp Firmware | | |
| Siemens Simatic S7-300 Cpu 317-2 Dp | | |
| Siemens Simatic S7-300 Cpu 317-2 Pn/dp Firmware | | |
| Siemens Simatic S7-300 Cpu 317-2 Pn/dp | | |
| Siemens Siplus S7-300 Cpu 314 Firmware | | |
| Siemens Siplus S7-300 Cpu 314 | | |
| Siemens Siplus S7-300 Cpu 315-2 Dp Firmware | | |
| Siemens Siplus S7-300 Cpu 315-2 Dp | | |
| Siemens Siplus S7-300 Cpu 315-2 Pn/dp Firmware | | |
| Siemens Siplus S7-300 Cpu 315-2 Pn/dp | | |
| Siemens Siplus S7-300 Cpu 317-2 Pn/dp Firmware | | |
| Siemens Siplus S7-300 Cpu 317-2 Pn/dp | =v6 | |
| Siemens Simatic S7-400 Pn/dp Cpu Firmware | | |
| Siemens Simatic S7-400 Pn/dp Cpu | =v7 | |
| Siemens Simatic Winac Rtx (f) 2010 | | |

Frequently Asked Questions

  • What is the severity of CVE-2019-13940?

    The severity of CVE-2019-13940 is high with a severity value of 7.5.

  • Which software versions are affected by CVE-2019-13940?

    SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17).

  • How can I fix CVE-2019-13940?

    Apply the recommended security patch or upgrade to a version equal to or greater than V3.X.17.

  • What is the CVE ID for this vulnerability?

    The CVE ID for this vulnerability is CVE-2019-13940.

  • Where can I find more information about CVE-2019-13940?

    You can find more information about CVE-2019-13940 in the Siemens Product CERT advisory at the following link: [https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf]
