CVE-2019-13945— Siemens SIMATIC S7-200和S7-1200 输入验证错误漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2019-13945 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
暴露危险的方法或函数
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Siemens SIMATIC S7-200和S7-1200 输入验证错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Siemens SIMATIC S7-200 Smart和Siemens SIMATIC S7-1200都是德国西门子(Siemens)公司的产品。Siemens SIMATIC S7-200 Smart是一款应用于中小型自动化系统中的可编程逻辑控制器(PLC)。Siemens SIMATIC S7-1200是一款S7-1200系列PLC(可编程逻辑控制器)。 Siemens S7-1200和SIMATIC S7-200中存在输入验证错误漏洞。攻击者可利用该漏洞访问其他诊断功能绕过安全限制,影响系统的完整
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2019-13945 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2019-13945 的情报信息
请登录查看更多情报信息。
CVE-2019-13945 厂商安全公告 (1)
- https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdfx_refsource_MISC
同批安全公告 · Siemens AG · 2019-12-12 · 共 8 条
| CVE-2019-13927 | Siemens Desigo PX 安全漏洞 | |
| CVE-2019-13930 | Siemens XHQ Operations Intelligence 跨站请求伪造漏洞 | |
| CVE-2019-13931 | Siemens XHQ Operations Intelligence 跨站脚本漏洞 | |
| CVE-2019-13932 | Siemens XHQ Operations Intelligence 安全漏洞 | |
| CVE-2019-13942 | Siemens EN100 Ethernet Module 缓冲区错误漏洞 | |
| CVE-2019-13943 | Siemens EN100 Ethernet Module 跨站脚本漏洞 | |
| CVE-2019-13944 | Siemens EN100 Ethernet module 路径遍历漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2019-13945
暂无评论