medium
6.8
CWE
749
Advisory Published
Updated

CVE-2019-13945

First published: Thu Dec 12 2019(Updated: )

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Simatic S7-1200 Firmware
Siemens SIMATIC S7-1200
Siemens S7-200 Smart Firmware
Siemens S7-200 Smart
Siemens Simatic S7-200 Smart Cpu St20 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu St20
Siemens Simatic S7-200 Smart Cpu St30 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu St30
Siemens Simatic S7-200 Smart Cpu St40 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu St40
Siemens Simatic S7-200 Smart Cpu St60 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu St60
Siemens Simatic S7-200 Smart Cpu Sr20 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu Sr20
Siemens Simatic S7-200 Smart Cpu Sr30 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu Sr30
Siemens Simatic S7-200 Smart Cpu Sr40 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu Sr40
Siemens Simatic S7-200 Smart Cpu Sr60 Firmware<=2.5.0
Siemens Simatic S7-200 Smart Cpu Sr60
Siemens Simatic S7-200 Smart Cpu Cr40 Firmware<=2.2.2
Siemens Simatic S7-200 Smart Cpu Cr40
Siemens Simatic S7-200 Smart Cpu Cr60 Firmware<=2.2.2
Siemens Simatic S7-200 Smart Cpu Cr60
Siemens Simatic S7-200 Smart Cpu Cr20s Firmware<=2.3.0
Siemens Simatic S7-200 Smart Cpu Cr20s
Siemens Simatic S7-200 Smart Cpu Cr30s Firmware<=2.3.0
Siemens Simatic S7-200 Smart Cpu Cr30s
Siemens Simatic S7-200 Smart Cpu Cr40s Firmware<=2.3.0
Siemens Simatic S7-200 Smart Cpu Cr40s
Siemens Simatic S7-200 Smart Cpu Cr60s Firmware<=2.3.0
Siemens Simatic S7-200 Smart Cpu Cr60s

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-13945?

    The severity of CVE-2019-13945 is medium with a severity value of 6.8.

  • Which software are affected by CVE-2019-13945?

    The affected software include Siemens Simatic S7-1200 Firmware and Siemens S7-200 Smart Firmware.

  • How can I fix CVE-2019-13945?

    To fix CVE-2019-13945, apply the necessary patches and firmware updates provided by Siemens.

  • What is the CWE ID for CVE-2019-13945?

    The CWE ID for CVE-2019-13945 is 749.

  • Where can I find more information about CVE-2019-13945?

    You can find more information about CVE-2019-13945 in the following reference: [link](https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203