high
7.5
CWE
400
Advisory Published
Updated

CVE-2019-19300

First published: Tue Apr 14 2020(Updated: )

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions), SIMATIC S7-300 CPU 315-2 PN/DP (All versions), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317-2 PN/DP (All versions), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions), SIMATIC S7-300 CPU 319-3 PN/DP (All versions), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions), SIPLUS NET PN/PN Coupler (All versions >= V4.2), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions), SIPLUS S7-300 CPU 315-2 PN/DP (All versions), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions), SIPLUS S7-300 CPU 317-2 PN/DP (All versions), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

Credit: productcert@siemens.com productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens KTK ATE530S
Siemens KTK ATE530S firmware
Siemens SIDOOR ATD430W firmware
Siemens SIDOOR ATD430W firmware
Siemens SIDOOR ATE530S COATED
Siemens KTK ATE530S
Siemens SIDOOR ATE531S
siemens SIDOOR ATE531S firmware
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Firmware<2.0
Siemens SIMATIC ET 200SP Open Controller firmware
Siemens SIMATIC ET 200SP Open Controller 1515SP PC2<2.0
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Firmware
Siemens SIMATIC ET 200MP IM 155-5 PN HF firmware<=4.2
Siemens SIMATIC ET200MP IM155-5 PN HF Firmware
Siemens SIMATIC ET200SP IM155-6 MF HF
Siemens SIMATIC ET200SP
Siemens SIMATIC ET 200SP IM 155-6 PN HA Firmware
siemens SIMATIC ET 200SP IM 155-6 PN ha
Siemens SIMATIC ET200SP IM 155-6 PN/2 HF<=4.2
Siemens SIMATIC ET200SP IM155-6 PN HF Firmware
Siemens SIMATIC ET200SP IM155-6 PN/2 HF Firmware<=4.2
Siemens SIMATIC ET200SP IM155-6 PN/2 HF
Siemens SIMATIC MICRO-DRIVE PDC firmware
Siemens SIMATIC MICRO-DRIVE PDC firmware
Siemens Simatic PN/PN Coupler Firmware<=4.2
Siemens Simatic PN/PN Coupler
Siemens SIMATIC S7-1500 CPU 1511-1 PN<2.0
Siemens SIMATIC S7-1500 CPU 1511-1
Siemens SIMATIC S7-1500 CPU 1513-1 PN firmware<2.0
siemens SIMATIC S7-1500 CPU 1513-1 PN firmware
Siemens Simatic S7-1500 CPU 1515-2 Firmware<2.0
Siemens SIMATIC S7-1500 CPU 1515-2
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP Firmware<2.0
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP
siemens SIMATIC S7-1500 CPU 1517-3 pn/dp firmware<2.0
Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP Firmware<2.0
Siemens Simatic S7-1500 CPU 1518-4 PN/DP MFP
Siemens SIMATIC S7-1500 CPU 1511F-1 Firmware<2.0
Siemens SIMATIC S7-1511F-1 PN CPU
Siemens SIMATIC S7-1500 CPU 1513f-1 PN<2.0
Siemens SIMATIC S7-1513F-1 PN CPU
Siemens SIMATIC S7-1515F-2 PN CPU<2.0
Siemens SIMATIC S7-1515F-2 PN CPU
Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP Firmware<2.0
Siemens SIMATIC S7-1500 CPU 1516f-3 PN/DP
siemens SIMATIC S7-1500 CPU 1517f-3 pn/dp firmware<2.0
Siemens SIMATIC S7-1500 CPU 1517f-3 PN/DP
Siemens SIMATIC S7-1500 CPU 1518f-4 pn/dp firmware<2.0
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP
Siemens S7-1500<2.0
Siemens Simatic S7-300 With Profitnet Support Firmware
Siemens Simatic S7-300
siemens SIMATIC S7-400 PN/DP firmware
siemens SIMATIC S7-400 pn/dp=v7
Siemens SIMATIC S7-410 Firmware
Siemens SIMATIC S7-410
Siemens SIMATIC TDC CP51M1
Siemens SIMATIC TDC CP51M1 Firmware
Siemens SIMATIC TDC CPU555
Siemens SIMATIC TDC CPU555 Firmware
Siemens Simatic WinAC RTX (F) 2010 Firmware
Siemens Simatic Winac RTX (F) 2010
Siemens SINAMICS s/g Control Unit firmware
Siemens SINAMICS s/g Control Unit
All of
Siemens KTK ATE530S firmware
Siemens KTK ATE530S
All of
Siemens SIDOOR ATD430W firmware
Siemens SIDOOR ATD430W firmware
All of
Siemens KTK ATE530S
Siemens SIDOOR ATE530S COATED
All of
siemens SIDOOR ATE531S firmware
Siemens SIDOOR ATE531S
All of
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Firmware<2.0
Siemens SIMATIC ET 200SP Open Controller firmware
All of
Siemens SIMATIC ET 200SP Open Controller 1515SP PC2<2.0
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Firmware
All of
Siemens SIMATIC ET 200MP IM 155-5 PN HF firmware<=4.2
Siemens SIMATIC ET200MP IM155-5 PN HF Firmware
All of
Siemens SIMATIC ET200SP
Siemens SIMATIC ET200SP IM155-6 MF HF
All of
Siemens SIMATIC ET 200SP IM 155-6 PN HA Firmware
siemens SIMATIC ET 200SP IM 155-6 PN ha
All of
Siemens SIMATIC ET200SP IM155-6 PN HF Firmware
Siemens SIMATIC ET200SP IM 155-6 PN/2 HF<=4.2
All of
Siemens SIMATIC ET200SP IM155-6 PN/2 HF
Siemens SIMATIC ET200SP IM155-6 PN/2 HF Firmware<=4.2
All of
Siemens SIMATIC MICRO-DRIVE PDC firmware
Siemens SIMATIC MICRO-DRIVE PDC firmware
All of
Siemens Simatic PN/PN Coupler
Siemens Simatic PN/PN Coupler Firmware<=4.2
All of
Siemens SIMATIC S7-1500 CPU 1511-1
Siemens SIMATIC S7-1500 CPU 1511-1 PN<2.0
All of
siemens SIMATIC S7-1500 CPU 1513-1 PN firmware
Siemens SIMATIC S7-1500 CPU 1513-1 PN firmware<2.0
All of
Siemens SIMATIC S7-1500 CPU 1515-2
Siemens Simatic S7-1500 CPU 1515-2 Firmware<2.0
All of
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP Firmware<2.0
All of
Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP
siemens SIMATIC S7-1500 CPU 1517-3 pn/dp firmware<2.0
All of
Siemens Simatic S7-1500 CPU 1518-4 PN/DP MFP
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP Firmware<2.0
All of
Siemens SIMATIC S7-1511F-1 PN CPU
Siemens SIMATIC S7-1500 CPU 1511F-1 Firmware<2.0
All of
Siemens SIMATIC S7-1500 CPU 1513f-1 PN<2.0
Siemens SIMATIC S7-1513F-1 PN CPU
All of
Siemens SIMATIC S7-1515F-2 PN CPU<2.0
Siemens SIMATIC S7-1515F-2 PN CPU
All of
Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP Firmware<2.0
Siemens SIMATIC S7-1500 CPU 1516f-3 PN/DP
All of
siemens SIMATIC S7-1500 CPU 1517f-3 pn/dp firmware<2.0
Siemens SIMATIC S7-1500 CPU 1517f-3 PN/DP
All of
Siemens SIMATIC S7-1500 CPU 1518f-4 pn/dp firmware<2.0
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP
All of
Siemens Simatic S7-300 With Profitnet Support Firmware
Siemens Simatic S7-300
All of
siemens SIMATIC S7-400 PN/DP firmware
siemens SIMATIC S7-400 pn/dp=v7
All of
Siemens SIMATIC S7-410 Firmware
Siemens SIMATIC S7-410
All of
Siemens SIMATIC TDC CP51M1
Siemens SIMATIC TDC CP51M1 Firmware
All of
Siemens SIMATIC TDC CPU555
Siemens SIMATIC TDC CPU555 Firmware
All of
Siemens Simatic WinAC RTX (F) 2010 Firmware
Siemens Simatic Winac RTX (F) 2010
All of
Siemens SINAMICS s/g Control Unit firmware
Siemens SINAMICS s/g Control Unit

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2019-19300?

    CVE-2019-19300 has been classified with a medium severity rating due to potential exploitation.

  • How do I fix CVE-2019-19300?

    To mitigate CVE-2019-19300, it is recommended to update the firmware of affected devices to the latest version provided by Siemens.

  • Which devices are affected by CVE-2019-19300?

    Devices affected by CVE-2019-19300 include various Siemens PROFINET IO development and evaluation kits and SIMATIC controllers.

  • Can CVE-2019-19300 be remotely exploited?

    Yes, CVE-2019-19300 can potentially be exploited remotely, allowing an attacker to execute unauthorized commands.

  • Is there a patch available for CVE-2019-19300?

    Yes, Siemens has released firmware updates that address CVE-2019-19300 and it is crucial to apply these updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203