支持本站 — 捐款将帮助我们持续运营

目标: 1000 元,已筹: 1000

100.0%
立即捐款
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2019-6575 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
未捕获的异常
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
多款Siemens产品输入验证错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Siemens SIMATIC S7-1500 CPU是德国西门子(Siemens)公司的一款CPU(中央处理器)模块。 SIMATIC S7-1500 CPU 存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下产品及版本受到影响:Siemens SIMATIC CP443-1 OPC UA (所有版本);SIMATIC ET 200 Open Controller CPU 1515SP PC2 2.7之前版本;SIMATIC HMI Comfort Outdoor Pane
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
SiemensSIMATIC CP 443-1 OPC UA All versions -
SiemensSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) All versions < V2.7 -
SiemensSIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) All versions < V15.1 Upd 4 -
SiemensSIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) All versions < V15.1 Upd 4 -
SiemensSIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F All versions < V15.1 Upd 4 -
SiemensSIMATIC IPC DiagMonitor All versions < V5.1.3 -
SiemensSIMATIC NET PC Software V13 All versions -
SiemensSIMATIC NET PC Software V14 All versions < V14 SP1 Update 14 -
SiemensSIMATIC NET PC Software V15 All versions -
SiemensSIMATIC RF188C All versions < V1.1.0 -
SiemensSIMATIC RF600R family All versions < V3.2.1 -
SiemensSIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) All versions >= V2.5 < V2.6.1 -
SiemensSIMATIC S7-1500 Software Controller All versions between V2.5 (including) and V2.7 (excluding) -
SiemensSIMATIC WinCC OA All versions < V3.15 P018 -
SiemensSIMATIC WinCC Runtime Advanced All versions < V15.1 Upd 4 -
SiemensSINEC NMS All versions < V1.0 SP1 -
SiemensSINEMA Server All versions < V14 SP2 -
SiemensSINUMERIK OPC UA Server All versions < V2.1 -
SiemensTeleControl Server Basic All versions < V3.1.1 -
二、漏洞 CVE-2019-6575 的公开POC
#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2019-6575 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same vendor: Siemens
Same weakness: CWE-248
V. Comments for CVE-2019-6575

暂无评论

发表评论