CVE-2019-6568 vulnerability in Siemens Products
Published on April 17, 2019
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
Weakness Type
Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.
Products Associated with CVE-2019-6568
Affected Versions
Siemens SIMATIC CP 1604:
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V3.3 is affected.
- Version All versions < V3.3 is affected.
- Version All versions < V3.3 is affected.
- Version All versions is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V2.1.6 is affected.
- Version All versions < V2.7 is affected.
- Version All versions < V15.1 Upd4 is affected.
- Version All versions < V15.1 Upd4 is affected.
- Version All versions < V15.1 Upd4 is affected.
- Version All versions < V5.1.3 is affected.
- Version All versions is affected.
- Version All versions < V1.1.0 is affected.
- Version All versions < V1.1.0 is affected.
- Version All versions < V1.1.0 is affected.
- Version All versions < V3.2.1 is affected.
- Version All versions is affected.
- Version All versions < V2.6.1 is affected.
- Version All versions < V2.7 is affected.
- Version All versions < V3.3.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V2.0 SP1 UPD1 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V2010 SP3 is affected.
- Version All versions < V2010 SP3 is affected.
- Version All versions < V15.1 Upd4 is affected.
- Version All versions < V1.1.3 is affected.
- Version All versions < V2.1.3 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V4.8 HF6 is affected.
- Version All versions is affected.
- Version All versions < V5.1 SP1 HF4 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V4.8 HF6 is affected.
- Version All versions is affected.
- Version All versions < V5.1 SP1 HF4 is affected.
- Version All versions is affected.
- Version All versions < V4.8 SP2 HF9 is affected.
- Version All versions is affected.
- Version All versions < V4.8 SP2 HF9 is affected.
- Version All versions is affected.
- Version All versions < V4.8 SP2 HF9 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V4.8 HF6 is affected.
- Version All versions is affected.
- Version All versions < V5.1 SP1 HF4 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V4.8 HF6 is affected.
- Version All versions is affected.
- Version All versions < V5.1 SP1 HF4 is affected.
- Version All versions < V5.1 SP1 HF8 is affected.
- Version All versions < V4.7 HF33 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V4.8 SP2 HF10 is affected.
- Version All versions is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions is affected.
- Version All versions < V3.3 is affected.
- Version All versions < V3.3 is affected.
- Version All versions < V3.3.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V3.2.16 is affected.
- Version All versions < V1.1 is affected.
- Version All versions < V1.5 is affected.
- Version All versions < V2.3 is affected.
- Version All versions < V2.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.