siemens simatic-wincc-runtime CVE-2019-6576 vulnerability in Siemens Products
Published on May 14, 2019

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known.

NVD

Weakness Type

Cryptographic Issues

Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.



Affected Versions

Siemens AG SIMATIC HMI Comfort Panels 4" - 22":
Siemens AG SIMATIC HMI Comfort Outdoor Panels 7" & 15":
Siemens AG SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F:
Siemens AG SIMATIC WinCC Runtime Advanced:
Siemens AG SIMATIC WinCC Runtime Professional:
Siemens AG SIMATIC WinCC (TIA Portal):
Siemens AG SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel):

Exploit Probability

EPSS: 0.39%
Percentile: 59.31%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.