Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19282

CVSS 7.5 · High EPSS 0.55% · P68
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-19282

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
缓冲区大小计算不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC PCS 7和SIMATIC WinCC 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC PCS 7是德国西门子(Siemens)公司的一套过程控制系统。 SIMATIC WinCC 中存在输入验证错误漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。以下产品及版本受到影响:SIMATIC WinCC V7.3(所有版本),SIMATIC WinCC V7.4(所有版本低于V7.4 SP1 Update 14),SIMATIC WinCC V7.5(所有版本低于V7.5 SP1 Update 1)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensOpenPCS 7 V8.1 All versions -
SiemensOpenPCS 7 V8.2 All versions -
SiemensOpenPCS 7 V9.0 All versions < V9.0 Upd3 -
SiemensSIMATIC BATCH V8.1 All versions -
SiemensSIMATIC BATCH V8.2 All versions < V8.2 Upd12 -
SiemensSIMATIC BATCH V9.0 All versions < V9.0 SP1 Upd5 -
SiemensSIMATIC NET PC Software V14 All versions < V14 SP1 Update 14 -
SiemensSIMATIC NET PC Software V15 All versions -
SiemensSIMATIC NET PC Software V16 All versions < V16 Update 1 -
SiemensSIMATIC PCS 7 V8.1 All versions -
SiemensSIMATIC PCS 7 V8.2 All versions -
SiemensSIMATIC PCS 7 V9.0 All versions < V9.0 SP3 -
SiemensSIMATIC Route Control V8.1 All versions -
SiemensSIMATIC Route Control V8.2 All versions -
SiemensSIMATIC Route Control V9.0 All versions < V9.0 Upd4 -
SiemensSIMATIC WinCC (TIA Portal) V13 All versions < V13 SP2 -
SiemensSIMATIC WinCC (TIA Portal) V14 All versions < V14 SP1 Update 10 -
SiemensSIMATIC WinCC (TIA Portal) V15.1 All versions < V15.1 Update 5 -
SiemensSIMATIC WinCC (TIA Portal) V16 All versions < V16 Update 1 -
SiemensSIMATIC WinCC V7.3 All versions -
SiemensSIMATIC WinCC V7.4 All versions < V7.4 SP1 Update 14 -
SiemensSIMATIC WinCC V7.5 All versions < V7.5 SP1 Update 1 -

II. Public POCs for CVE-2019-19282

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-19282

登录查看更多情报信息。

Same Patch Batch · Siemens · 2020-03-10 · 12 CVEs total

CVE-2019-192928.8 HIGHSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server SQL注入漏洞
CVE-2019-192977.5 HIGHSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 路径遍历漏洞
CVE-2019-192987.5 HIGHSiemens SiNVR 3 Central Control Server 输入验证错误漏洞
CVE-2019-192997.5 HIGHSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 加密问题漏洞
CVE-2019-192966.8 MEDIUMSiemens SiNVR 3 Central Control Server 路径遍历漏洞
CVE-2019-192906.5 MEDIUMSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 路径遍历漏洞
CVE-2019-192946.3 MEDIUMSiemens SiNVR 3 Central Control Server 跨站脚本漏洞
CVE-2019-192936.1 MEDIUMSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 跨站脚本漏洞
CVE-2019-192915.3 MEDIUMSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 安全漏洞
CVE-2019-192954.3 MEDIUMSiemens SiNVR 3 Central Control Server和SiNVR 3 Video Server 安全漏洞
CVE-2019-6585Siemens SCALANCE S-600 跨站脚本漏洞

IV. Related Vulnerabilities

Same vendor: Siemens
Same weakness: CWE-131

V. Comments for CVE-2019-19282

No comments yet

Leave a comment