CVE-2019-10943— 多款Siemens产品数据伪造问题漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2019-10943 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A vulnerability has been identified in SIMATIC Drive Controller family (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V20.8), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions >= V20.8), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.8.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.8.1), SIMATIC S7-1500 Software Controller (All versions < V20.8), SIMATIC S7-1500 Software Controller (All versions >= V20.8), SIMATIC S7-PLCSIM Advanced (All versions < V3.0), SIMATIC S7-PLCSIM Advanced (All versions >= V3.0). An attacker with network access to port 102/tcp could potentially modify the user program on the PLC in a way that the running code is different from the source code which is stored on the device. An attacker must have network access to affected devices and must be able to perform changes to the user program. The vulnerability could impact the perceived integrity of the user program stored on the CPU. An engineer that tries to obtain the code of the user program running on the device, can receive different source code that is not actually running on the device.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
缺失完整性检查支持
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
多款Siemens产品数据伪造问题漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Siemens SIMATIC ET200 Open Controller CPU 1515SP PC2是德国西门子(Siemens)公司的一款逻辑控制器。 多款Siemens产品中存在数据伪造问题漏洞。该漏洞源于网络系统或产品未充分验证数据的来源或真实性。攻击者可利用伪造的数据进行攻击。以下产品和版本受到影响:SIMATIC ET 200SP Open Controller CPU。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Siemens | SIMATIC Drive Controller family | All versions | - | |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) | All versions | - | |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) | All versions < V20.8 | - | |
| Siemens | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) | All versions >= V20.8 | - | |
| Siemens | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | All versions < V4.4.0 | - | |
| Siemens | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | All versions >= V4.4.0 | - | |
| Siemens | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) | All versions < V2.8.1 | - | |
| Siemens | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) | All versions >= V2.8.1 | - | |
| Siemens | SIMATIC S7-1500 Software Controller | All versions < V20.8 | - | |
| Siemens | SIMATIC S7-1500 Software Controller | All versions >= V20.8 | - | |
| Siemens | SIMATIC S7-PLCSIM Advanced | All versions < V3.0 | - | |
| Siemens | SIMATIC S7-PLCSIM Advanced | All versions >= V3.0 | - |
二、漏洞 CVE-2019-10943 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2019-10943 的情报信息
请登录查看更多情报信息。
CVE-2019-10943 厂商安全公告 (1)
- https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdfx_refsource_MISC
同批安全公告 · Siemens · 2019-08-13 · 共 3 条
| CVE-2019-10929 | 多款Siemens产品加密问题漏洞 | |
| CVE-2019-10942 | Siemens SCALANCE X-200IRT 资源管理错误漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2019-10943
暂无评论