CVE-2019-6568

Published: Apr 17, 2019

Modified: Jun 3, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

Vendor	Product	Versions
Siemens	SIMATIC CP 1604	affected `All versions`
Siemens	SIMATIC CP 1616	affected `All versions`
Siemens	SIMATIC CP 343-1 Advanced	affected `All versions`
Siemens	SIMATIC CP 443-1	affected `All versions < V3.3`
Siemens	SIMATIC CP 443-1	affected `All versions < V3.3`
Siemens	SIMATIC CP 443-1 Advanced	affected `All versions < V3.3`
Siemens	SIMATIC CP 443-1 OPC UA	affected `All versions`
Siemens	SIMATIC ET 200pro IM154-8 PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIMATIC ET 200pro IM154-8F PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIMATIC ET 200pro IM154-8FX PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIMATIC ET 200S IM151-8 PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIMATIC ET 200S IM151-8F PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)	affected `All versions < V2.1.6`
Siemens	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)	affected `All versions < V2.7`
Siemens	SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)	affected `All versions < V15.1 Upd4`
Siemens	SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)	affected `All versions < V15.1 Upd4`
Siemens	SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F	affected `All versions < V15.1 Upd4`
Siemens	SIMATIC IPC DiagMonitor	affected `All versions < V5.1.3`
Siemens	SIMATIC RF182C	affected `All versions`
Siemens	SIMATIC RF185C	affected `All versions < V1.1.0`
Siemens	SIMATIC RF186C	affected `All versions < V1.1.0`
Siemens	SIMATIC RF188C	affected `All versions < V1.1.0`
Siemens	SIMATIC RF600R family	affected `All versions < V3.2.1`
Siemens	SIMATIC RFID 181EIP	affected `All versions`
Siemens	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)	affected `All versions < V2.6.1`
Siemens	SIMATIC S7-1500 Software Controller	affected `All versions < V2.7`
Siemens	SIMATIC S7-300 CPU 314C-2 PN/DP	affected `All versions < V3.3.16`
Siemens	SIMATIC S7-300 CPU 315-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 315F-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 315T-3 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 317-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 317F-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 317T-3 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 317TF-3 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 319-3 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-300 CPU 319F-3 PN/DP	affected `All versions < V3.2.16`
Siemens	SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	affected `All versions`
Siemens	SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)	affected `All versions`
Siemens	SIMATIC S7-PLCSIM Advanced	affected `All versions < V2.0 SP1 UPD1`
Siemens	SIMATIC Teleservice Adapter IE Advanced	affected `All versions`
Siemens	SIMATIC Teleservice Adapter IE Basic	affected `All versions`
Siemens	SIMATIC Teleservice Adapter IE Standard	affected `All versions`
Siemens	SIMATIC WinAC RTX 2010	affected `All versions < V2010 SP3`
Siemens	SIMATIC WinAC RTX F 2010	affected `All versions < V2010 SP3`
Siemens	SIMATIC WinCC Runtime Advanced	affected `All versions < V15.1 Upd4`
Siemens	SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)	affected `All versions < V1.1.3`
Siemens	SIMOCODE pro V PROFINET (incl. SIPLUS variants)	affected `All versions < V2.1.3`
Siemens	SINAMICS G130 V4.6 Control Unit	affected `All versions`
Siemens	SINAMICS G130 V4.7 Control Unit	affected `All versions`
Siemens	SINAMICS G130 V4.7 SP1 Control Unit	affected `All versions`
Siemens	SINAMICS G130 V4.8 Control Unit	affected `All versions < V4.8 HF6`
Siemens	SINAMICS G130 V5.1 Control Unit	affected `All versions`
Siemens	SINAMICS G130 V5.1 SP1 Control Unit	affected `All versions < V5.1 SP1 HF4`
Siemens	SINAMICS G150 V4.6 Control Unit	affected `All versions`
Siemens	SINAMICS G150 V4.7 Control Unit	affected `All versions`
Siemens	SINAMICS G150 V4.7 SP1 Control Unit	affected `All versions`
Siemens	SINAMICS G150 V4.8 Control Unit	affected `All versions < V4.8 HF6`
Siemens	SINAMICS G150 V5.1 Control Unit	affected `All versions`
Siemens	SINAMICS G150 V5.1 SP1 Control Unit	affected `All versions < V5.1 SP1 HF4`
Siemens	SINAMICS GH150 V4.7 (Control Unit)	affected `All versions`
Siemens	SINAMICS GH150 V4.8 (Control Unit)	affected `All versions < V4.8 SP2 HF9`
Siemens	SINAMICS GL150 V4.7 (Control Unit)	affected `All versions`
Siemens	SINAMICS GL150 V4.8 (Control Unit)	affected `All versions < V4.8 SP2 HF9`
Siemens	SINAMICS GM150 V4.7 (Control Unit)	affected `All versions`
Siemens	SINAMICS GM150 V4.8 (Control Unit)	affected `All versions < V4.8 SP2 HF9`
Siemens	SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)	affected `All versions`
Siemens	SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)	affected `All versions`
Siemens	SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)	affected `All versions`
Siemens	SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)	affected `All versions < V4.8 HF6`
Siemens	SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)	affected `All versions`
Siemens	SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)	affected `All versions < V5.1 SP1 HF4`
Siemens	SINAMICS S150 V4.6 Control Unit	affected `All versions`
Siemens	SINAMICS S150 V4.7 Control Unit	affected `All versions`
Siemens	SINAMICS S150 V4.7 SP1 Control Unit	affected `All versions`
Siemens	SINAMICS S150 V4.8 Control Unit	affected `All versions < V4.8 HF6`
Siemens	SINAMICS S150 V5.1 Control Unit	affected `All versions`
Siemens	SINAMICS S150 V5.1 SP1 Control Unit	affected `All versions < V5.1 SP1 HF4`
Siemens	SINAMICS S210	affected `All versions < V5.1 SP1 HF8`
Siemens	SINAMICS SL150 V4.7 (Control Unit)	affected `All versions < V4.7 HF33`
Siemens	SINAMICS SL150 V4.8 (Control Unit)	affected `All versions`
Siemens	SINAMICS SM120 V4.7 (Control Unit)	affected `All versions`
Siemens	SINAMICS SM120 V4.8 (Control Unit)	affected `All versions < V4.8 SP2 HF10`
Siemens	SINAMICS SM150 V4.8 (Control Unit)	affected `All versions`
Siemens	SIPLUS ET 200S IM151-8 PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIPLUS ET 200S IM151-8F PN/DP CPU	affected `All versions < V3.2.16`
Siemens	SIPLUS NET CP 343-1 Advanced	affected `All versions`
Siemens	SIPLUS NET CP 443-1	affected `All versions < V3.3`
Siemens	SIPLUS NET CP 443-1 Advanced	affected `All versions < V3.3`
Siemens	SIPLUS S7-300 CPU 314C-2 PN/DP	affected `All versions < V3.3.16`
Siemens	SIPLUS S7-300 CPU 315-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIPLUS S7-300 CPU 315F-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIPLUS S7-300 CPU 317-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SIPLUS S7-300 CPU 317F-2 PN/DP	affected `All versions < V3.2.16`
Siemens	SITOP Manager	affected `All versions < V1.1`
Siemens	SITOP PSU8600	affected `All versions < V1.5`
Siemens	SITOP UPS1600 (incl. SIPLUS variants)	affected `All versions < V2.3`
Siemens	TIM 1531 IRC (incl. SIPLUS NET variants)	affected `All versions < V2.1`

Weaknesses (CWE)

CWE-125

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-6568

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References