First published: Wed May 12 2021(Updated: )
A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic Hmi Ktp Mobile Panels Firmware | =16 | |
Siemens Simatic Hmi Ktp Mobile Panels Firmware | =16-update_2 | |
Siemens Simatic Hmi Ktp Mobile Panels Firmware | =16-update_3 | |
Siemens Simatic Hmi Ktp Mobile Panels | ||
Siemens Simatic Hmi Comfort Panels Firmware | =16 | |
Siemens Simatic Hmi Comfort Panels Firmware | =16-update_2 | |
Siemens Simatic Hmi Comfort Panels Firmware | =16-update_3 | |
Siemens Simatic Hmi Comfort Panels |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-19276 is medium with a severity value of 5.3.
SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) versions < V16 Update 4 and SIMATIC HMI KTP Mobile Panels versions < V16 Update 4 are affected by CVE-2019-19276.
The vulnerability occurs when specially crafted packets are sent to port 161/udp, causing the SNMP service of affected devices to crash.
No, IBM Security Verify Access is not affected by CVE-2019-19276.
Update the SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) and SIMATIC HMI KTP Mobile Panels firmware to V16 Update 4 or later to mitigate the vulnerability.