Vulnerabilities > CVE-2019-19282 - Incorrect Calculation of Buffer Size vulnerability in Siemens products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

siemens

CWE-131

NVD

Published: 2020-03-10

Updated: 2023-04-11

Summary

A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd3), SIMATIC BATCH V8.1 (All versions), SIMATIC BATCH V8.2 (All versions < V8.2 Upd12), SIMATIC BATCH V9.0 (All versions < V9.0 SP1 Upd5), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC Route Control V8.1 (All versions), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions < V9.0 Upd4), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC (TIA Portal) V15.1 (All versions < V15.1 Update 5), SIMATIC WinCC (TIA Portal) V16 (All versions < V16 Update 1), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 1). Through specially crafted messages, when encrypted communication is enabled, an attacker with network access could use the vulnerability to compromise the availability of the system by causing a Denial-of-Service condition. Successful exploitation requires no system privileges and no user interaction.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Simatic PCS 7 8.1 Siemens Simatic PCS 7 8.2 Siemens Simatic PCS 7 9.0 Siemens Simatic Wincc 7.4 Siemens Simatic Wincc 7.5.1 Siemens Simatic Wincc 14.0.1 Siemens Simatic Wincc 13 Siemens Simatic Wincc 7.5 Siemens Simatic Wincc 15.1 Siemens Simatic Wincc 16 Siemens Simatic NET PC 16 Siemens Simatic NET PC - Siemens Simatic NET PC 14 Siemens Simatic NET PC 15 Siemens Simatic Route Control 9.0 Siemens Simatic Route Control - Siemens Simatic Route Control 7.1 Siemens Simatic Route Control 8.0 Siemens Simatic Route Control 8.1 Siemens Simatic Route Control 8.2 Siemens Simatic Batch 9.0 Siemens Openpcs 7 9.0 Siemens Openpcs 7 9.0_Update_1	50

Common Weakness Enumeration (CWE)

CWE-131 - Incorrect Calculation of Buffer Size

Common Attack Pattern Enumeration and Classification (CAPEC)

Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf