Vulnerabilities > CVE-2019-19276 - Out-of-bounds Write vulnerability in Siemens products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

siemens

CWE-787

NVD

Published: 2021-05-12

Updated: 2021-06-02

Summary

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161/udp can cause the SNMP service of affected devices to crash. A manual restart of the device is required to resume operation of the service.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Simatic HMI KTP Mobile Panels Firmware 16 Siemens Simatic HMI Comfort Panels Firmware 16	6
Hardware	Siemens Siemens Simatic HMI KTP Mobile Panels - Siemens Simatic HMI Comfort Panels -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf