siemens simatic-wincc-runtime CVE-2019-6572 vulnerability in Siemens Products
Published on May 14, 2019

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The affected device offered SNMP read and write capacities with a publicly know hardcoded community string. The security vulnerability could be exploited by an attacker with network access to the affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.

NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2019-6572 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2019-6572

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-6572 are published in these products:

Siemens Simatic Wincc Runtime
 
Siemens Simatic Wincc Tia Portal
 

Affected Versions

Siemens AG SIMATIC HMI Comfort Panels 4" - 22": Siemens AG SIMATIC HMI Comfort Outdoor Panels 7" & 15": Siemens AG SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F: Siemens AG SIMATIC WinCC Runtime Advanced: Siemens AG SIMATIC WinCC Runtime Professional: Siemens AG SIMATIC WinCC (TIA Portal): Siemens AG SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel):

Exploit Probability

EPSS
0.90%
Percentile
75.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.