siemens simatic-s7-1500 CVE-2019-10943 vulnerability in Siemens Products
Published on August 13, 2019

A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.

NVD

Weakness Type

Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.


Products Associated with CVE-2019-10943

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10943 are published in these products:

Siemens Simatic S7 1500
 
Siemens Simatic S7 Plcsim Advanced
 
Siemens Simatic S7 1500 Software Controller
 

Affected Versions

Siemens SIMATIC Drive Controller family: Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Siemens SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Siemens SIMATIC S7-1500 Software Controller: Siemens SIMATIC S7-1500 Software Controller: Siemens SIMATIC S7-PLCSIM Advanced: Siemens SIMATIC S7-PLCSIM Advanced:

Exploit Probability

EPSS
0.11%
Percentile
29.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.