What is the severity of CVE-2019-6572?

The severity of CVE-2019-6572 is critical with a CVSS score of 9.1.

Which software versions are affected by CVE-2019-6572?

The vulnerability affects all versions of SIMATIC HMI Comfort Panels, SIMATIC HMI Comfort Outdoor Panels, and SIMATIC HMI KTP Mobile Panels prior to V15.1 Update 1.

How can I fix CVE-2019-6572?

To fix the vulnerability, update the affected software versions to at least V15.1 Update 1.

Where can I find more information about CVE-2019-6572?

You can find more information about CVE-2019-6572 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/108412), [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf), and [US-CERT](https://www.us-cert.gov/ics/advisories/ICSA-19-134-09).

What is the Common Weakness Enumeration (CWE) associated with CVE-2019-6572?

The CWE associated with CVE-2019-6572 are CWE-798 (Use of Hard-coded Credentials) and CWE-200 (Information Exposure).

Vulnerability/
CVE-2019-6572

critical

9.1

CWE

798 200

14/5/2019

4/8/2024

CVE-2019-6572: Infoleak

First published: Tue May 14 2019(Updated: )

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens Simatic Hmi Comfort Panels Firmware	<15.1
Siemens Simatic Hmi Comfort Panels
Siemens Simatic Hmi Comfort Outdoor Panels Firmware	<15.1
Siemens Simatic Hmi Comfort Outdoor Panels
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	<15.1
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	<15.1
Siemens Simatic Hmi Ktp Mobile Panels Ktp700
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	<15.1
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	<15.1
Siemens Simatic Hmi Ktp Mobile Panels Ktp900
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	<15.1
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f
Siemens Simatic Wincc \(tia Portal\)	<15.1
Siemens Simatic Wincc Runtime	<15.1
Siemens Simatic Wincc Runtime	<15.1
Siemens Simatic Hmi Tp Firmware
Siemens Simatic Hmi Tp
Siemens Simatic Hmi Mp Firmware
Siemens Simatic Hmi Mp
Siemens Simatic Hmi Op Firmware
Siemens Simatic Hmi Op

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6572?
The severity of CVE-2019-6572 is critical with a CVSS score of 9.1.
Which software versions are affected by CVE-2019-6572?
The vulnerability affects all versions of SIMATIC HMI Comfort Panels, SIMATIC HMI Comfort Outdoor Panels, and SIMATIC HMI KTP Mobile Panels prior to V15.1 Update 1.
How can I fix CVE-2019-6572?
To fix the vulnerability, update the affected software versions to at least V15.1 Update 1.
Where can I find more information about CVE-2019-6572?
You can find more information about CVE-2019-6572 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/108412), [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf), and [US-CERT](https://www.us-cert.gov/ics/advisories/ICSA-19-134-09).
What is the Common Weakness Enumeration (CWE) associated with CVE-2019-6572?
The CWE associated with CVE-2019-6572 are CWE-798 (Use of Hard-coded Credentials) and CWE-200 (Information Exposure).

agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/weakness
agent/softwarecombine
agent/first-publish-date
agent/description
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/siemens
canonical/siemens simatic hmi comfort panels firmware
canonical/siemens simatic hmi comfort panels
canonical/siemens simatic hmi comfort outdoor panels firmware
canonical/siemens simatic hmi comfort outdoor panels
canonical/siemens simatic hmi ktp mobile panels ktp400f firmware
canonical/siemens simatic hmi ktp mobile panels ktp400f
canonical/siemens simatic hmi ktp mobile panels ktp700 firmware
canonical/siemens simatic hmi ktp mobile panels ktp700
canonical/siemens simatic hmi ktp mobile panels ktp700f firmware
canonical/siemens simatic hmi ktp mobile panels ktp700f
canonical/siemens simatic hmi ktp mobile panels ktp900 firmware
canonical/siemens simatic hmi ktp mobile panels ktp900
canonical/siemens simatic hmi ktp mobile panels ktp900f firmware
canonical/siemens simatic hmi ktp mobile panels ktp900f
canonical/siemens simatic wincc \(tia portal\)
canonical/siemens simatic wincc runtime
canonical/siemens simatic hmi tp firmware
canonical/siemens simatic hmi tp
canonical/siemens simatic hmi mp firmware
canonical/siemens simatic hmi mp
canonical/siemens simatic hmi op firmware
canonical/siemens simatic hmi op