1. Home
  2. CVE Database
  3. CVE-2019-13945
MEDIUM · 6.8

CVE-2019-13945

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU ...

Vulnerability Description

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
SiemensSimatic S7-1200 FirmwareAll versions
SiemensSimatic S7-1200-
SiemensS7-200 Smart FirmwareAll versions
SiemensS7-200 Smart-
SiemensSimatic S7-200 Smart Cpu St20 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu St20-
SiemensSimatic S7-200 Smart Cpu St30 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu St30-
SiemensSimatic S7-200 Smart Cpu St40 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu St40-
SiemensSimatic S7-200 Smart Cpu St60 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu St60-
SiemensSimatic S7-200 Smart Cpu Sr20 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu Sr20-
SiemensSimatic S7-200 Smart Cpu Sr30 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu Sr30-
SiemensSimatic S7-200 Smart Cpu Sr40 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu Sr40-
SiemensSimatic S7-200 Smart Cpu Sr60 Firmware<= 2.5.0
SiemensSimatic S7-200 Smart Cpu Sr60-

Related Weaknesses (CWE)

CWE-749

References

FAQ

What is CVE-2019-13945?

CVE-2019-13945 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU ...

How severe is CVE-2019-13945?

CVE-2019-13945 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13945?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic S7-1200 Firmware, Siemens Simatic S7-1200, Siemens S7-200 Smart Firmware, Siemens S7-200 Smart, Siemens Simatic S7-200 Smart Cpu St20 Firmware.