CVE-2019-6568

7.5

HIGH

Apache Webserver Denial of Service

Description

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.

INFO

Published Date :

April 17, 2019, 2:29 p.m.

Last Modified :

April 11, 2023, 10:15 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9

Affected Products

The following products are affected by CVE-2019-6568 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Siemens	simatic_s7-1500_software_controller_firmware
2	Siemens	simatic_rf185c_firmware
3	Siemens	simatic_rf186c_firmware
4	Siemens	simatic_wincc
5	Siemens	simatic_s7-plcsim_advanced_firmware
6	Siemens	simatic_s7-1500_firmware
7	Siemens	simatic_s7-1500f_firmware
8	Siemens	simatic_rf182c_firmware
9	Siemens	simatic_cp_443-1_firmware
10	Siemens	simatic_cp_443-1_advanced_firmware
11	Siemens	simatic_ipc_diagmonitor_firmware
12	Siemens	siplus_net_cp_443-1_firmware
13	Siemens	siplus_net_cp_443-1_advanced_firmware
14	Siemens	tim_1531_irc_firmware
15	Siemens	simatic_s7-plcsim_advanced
16	Siemens	simatic_s7-1500_software_controller
17	Siemens	simatic_rf188c_firmware
18	Siemens	simatic_s7-300_firmware
19	Siemens	simatic_winac_rtx_2010_firmware
20	Siemens	simatic_winac_rtx_f_2010_firmware
21	Siemens	sinamics_g130_firmware
22	Siemens	sinamics_g150_firmware
23	Siemens	sinamics_s120_firmware
24	Siemens	sinamics_sl150_firmware
25	Siemens	sinamics_sm150_firmware
26	Siemens	simatic_cp_343-1_advanced_firmware
27	Siemens	simatic_s7-1500t_firmware
28	Siemens	simatic_wincc_runtime_advanced
29	Siemens	simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware
30	Siemens	siplus_s7-300_cpu_315-2_pn\/dp_firmware
31	Siemens	siplus_s7-300_cpu_317-2_pn\/dp_firmware
32	Siemens	simatic_s7-300_cpu_319-3_pn\/dp_firmware
33	Siemens	simatic_s7-300_cpu_315-2_pn\/dp_firmware
34	Siemens	simatic_s7-300_cpu_317-2_pn\/dp_firmware
35	Siemens	simatic_cp_1616_firmware
36	Siemens	simatic_cp_1604_firmware
37	Siemens	simatic_cp_443-1_opc_ua_firmware
38	Siemens	simatic_hmi_comfort_panels_firmware
39	Siemens	simatic_teleservice_adapter_ie_standard_firmware
40	Siemens	simatic_teleservice_adapter_ie_basic_firmware
41	Siemens	simatic_teleservice_adapter_ie_advanced_firmware
42	Siemens	sitop_psu8600_firmware
43	Siemens	simatic_winac_rtx_firmware
44	Siemens	sinamics_s150_firmware
45	Siemens	sinamics_gh150_firmware
46	Siemens	sinamics_gl150_firmware
47	Siemens	sinamics_gm150_firmware
48	Siemens	sinamics_sm120_firmware
49	Siemens	simatic_hmi_comfort_outdoor_panels_firmware
50	Siemens	simatic_hmi_ktp_mobile_panels_ktp400f_firmware
51	Siemens	simatic_hmi_ktp_mobile_panels_ktp700_firmware
52	Siemens	simatic_hmi_ktp_mobile_panels_ktp700f_firmware
53	Siemens	simatic_hmi_ktp_mobile_panels_ktp900_firmware
54	Siemens	simatic_hmi_ktp_mobile_panels_ktp900f_firmware
55	Siemens	cp1604_firmware
56	Siemens	cp1616_firmware
57	Siemens	sinamics_s210_firmware
58	Siemens	sitop_manager
59	Siemens	simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware
60	Siemens	simatic_s7-400_pn\/dp_firmware
61	Siemens	simatic_cp343-1_advanced_firmware
62	Siemens	simatic_cp443-1_firmware
63	Siemens	simatic_cp443-1_advanced_firmware
64	Siemens	simatic_cp443-1_opc_ua
65	Siemens	simatic_ipc_diagmonitor
66	Siemens	simatic_rf600r_firmware
67	Siemens	simatic_rf181-eip_firmware
68	Siemens	simatic_s7-400_pn_firmware
69	Siemens	simocode_pro_v_eip_firmware
70	Siemens	simocode_pro_v_pn_firmware
71	Siemens	sitop_ups1600_firmware
72	Siemens	simatic_s7-1500s_firmware

: Total Affected Vendor : 1 | Products : 72

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-6568.

URL	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf	Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-6568 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2019-6568 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Action	Type	Old Value	New Value
Changed	Description	A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.	The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
Added	CVSS V3.1		Siemens AG AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Action	Type	Old Value	New Value
Removed	CVSS V3	NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf No Types Assigned	https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf Vendor Advisory
Removed	CWE	NIST CWE-20
Added	CWE		NIST CWE-125
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_rf185c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf185c:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_rf185c_firmware::::::::* versions up to (excluding) 1.1.0 OR cpe:2.3:h:siemens:simatic_rf185c:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware::::::::* OR cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware::::::::* versions up to (excluding) 2.7 OR cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware::::::::* versions up to (excluding) 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:-::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:::::::*
Changed	CPE Configuration	OR cpe:2.3:a:siemens:simatic_cp443-1_opc_ua::::::::* cpe:2.3:a:siemens:simatic_ipc_diagmonitor::::::::* cpe:2.3:a:siemens:simatic_s7-1500_software_controller::::::::* cpe:2.3:a:siemens:simatic_s7-plcsim_advanced::::::::* cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::* cpe:2.3:a:siemens:sitop_manager::::::::*	OR cpe:2.3:a:siemens:simatic_cp443-1_opc_ua::::::::* cpe:2.3:a:siemens:simatic_ipc_diagmonitor::::::::* versions up to (excluding) 5.1.3 cpe:2.3:a:siemens:simatic_s7-1500_software_controller::::::::* versions up to (excluding) 2.7 cpe:2.3:a:siemens:simatic_s7-plcsim_advanced::::::::* versions up to (excluding) 2.0 cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0:-::::::* cpe:2.3:a:siemens:simatic_s7-plcsim_advanced:2.0:sp1::::::* cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::* versions up to (excluding) 15.1 cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:-::::::* cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update1::::::* cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update2::::::* cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:15.1:update3::::::* cpe:2.3:a:siemens:sitop_manager::::::::* versions up to (excluding) 1.1
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_rf600r_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf600r:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_rf600r_firmware::::::::* versions up to (excluding) 3.2.1 OR cpe:2.3:h:siemens:simatic_rf600r:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_rf188c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf188c:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_rf188c_firmware::::::::* versions up to (excluding) 1.1.0 OR cpe:2.3:h:siemens:simatic_rf188c:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_rf186c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf186c:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_rf186c_firmware::::::::* versions up to (excluding) 1.1.0 OR cpe:2.3:h:siemens:simatic_rf186c:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_s7-1500_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_s7-1500_firmware::::::::* versions up to (excluding) 2.6.1 OR cpe:2.3:h:siemens:simatic_s7-1500:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_s7-300_firmware:-::::::: OR cpe:2.3:h:siemens:simatic_s7-300:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_s7-300_firmware::::::::* versions up to (excluding) 3.3.17 OR cpe:2.3:h:siemens:simatic_s7-300:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_winac_rtx_2010_firmware::::::::* OR cpe:2.3:h:siemens:simatic_winac_rtx_2010:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_winac_rtx_firmware::::::::* versions up to (excluding) 2010 cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-::::::* OR cpe:2.3:h:siemens:simatic_winac_rtx:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simocode_pro_v_eip_firmware::::::::* OR cpe:2.3:h:siemens:simocode_pro_v_eip:-:::::::*	AND OR cpe:2.3:o:siemens:simocode_pro_v_eip_firmware::::::::* versions up to (excluding) 1.1.3 OR cpe:2.3:h:siemens:simocode_pro_v_eip:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simocode_pro_v_pn_firmware:-::::::: OR cpe:2.3:h:siemens:simocode_pro_v_pn:-:::::::*	AND OR cpe:2.3:o:siemens:simocode_pro_v_pn_firmware::::::::* versions up to (excluding) 2.1.3 OR cpe:2.3:h:siemens:simocode_pro_v_pn:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:sinamics_s150_firmware::::::::* versions up to (excluding) 5.1 cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:-::::::* cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1::::::* cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1_hf2::::::* OR cpe:2.3:h:siemens:sinamics_s150:-:::::::*	AND OR cpe:2.3:o:siemens:sinamics_s150_firmware::::::::* versions up to (excluding) 5.1 cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:-::::::* cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1::::::* cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1_hotfix2::::::* OR cpe:2.3:h:siemens:sinamics_s150:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:sitop_psu8600_firmware::::::::* OR cpe:2.3:h:siemens:sitop_psu8600:-:::::::*	AND OR cpe:2.3:o:siemens:sitop_psu8600_firmware::::::::* versions up to (excluding) 1.5 OR cpe:2.3:h:siemens:sitop_psu8600:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:sitop_ups1600_firmware::::::::* OR cpe:2.3:h:siemens:sitop_ups1600:-:::::::*	AND OR cpe:2.3:o:siemens:sitop_ups1600_firmware::::::::* versions up to (excluding) 2.3 OR cpe:2.3:h:siemens:sitop_ups1600:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:tim_1531_irc_firmware::::::::* OR cpe:2.3:h:siemens:tim_1531_irc:-:::::::*	AND OR cpe:2.3:o:siemens:tim_1531_irc_firmware::::::::* versions up to (excluding) 2.1 OR cpe:2.3:h:siemens:tim_1531_irc:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_s7-1500f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500f:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_s7-1500f_firmware::::::::* versions up to (excluding) 2.6.1 OR cpe:2.3:h:siemens:simatic_s7-1500f:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_s7-1500s_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500s:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_s7-1500s_firmware::::::::* versions up to (excluding) 2.6.1 OR cpe:2.3:h:siemens:simatic_s7-1500s:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:o:siemens:simatic_s7-1500t_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500t:-:::::::*	AND OR cpe:2.3:o:siemens:simatic_s7-1500t_firmware::::::::* versions up to (excluding) 2.6.1 OR cpe:2.3:h:siemens:simatic_s7-1500t:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_gh150_firmware::::::::* versions up to (excluding) 4.8 cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-::::::* OR cpe:2.3:h:siemens:sinamics_gh150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_gl150_firmware::::::::* versions up to (excluding) 4.8 cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-::::::* OR cpe:2.3:h:siemens:sinamics_gl150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_gm150_firmware::::::::* versions up to (excluding) 4.8 cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-::::::* OR cpe:2.3:h:siemens:sinamics_gm150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_sl150_firmware::::::::* versions up to (excluding) 4.8 cpe:2.3:o:siemens:sinamics_sl150_firmware:4.8:-::::::* OR cpe:2.3:h:siemens:sinamics_sl150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_sm120_firmware::::::::* versions up to (excluding) 4.8 cpe:2.3:o:siemens:sinamics_sm120_firmware:4.8:-::::::* OR cpe:2.3:h:siemens:sinamics_sm120:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_sm150_firmware::::::::* versions up to (excluding) 5.1 cpe:2.3:o:siemens:sinamics_sm150_firmware:5.1:-::::::* OR cpe:2.3:h:siemens:sinamics_sm150:-:::::::*

Action	Type	Old Value	New Value
Changed	Description	A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (All versions < V2.1.6), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC RF181-EIP (All versions), SIMATIC RF182C (All versions), SIMATIC RF185C (All versions < V1.1.0), SIMATIC RF186C (All versions < V1.1.0), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions < V2.6.1), SIMATIC S7-1500 Software Controller (All versions < V2.7), SIMATIC S7-300 CPU family (All versions < V3.X.16), SIMATIC S7-400 PN (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-PLCSIM Advanced (All versions < V2.0 SP1 UPD1), SIMATIC Teleservice Adapter IE Advanced (All versions), SIMATIC Teleservice Adapter IE Basic (All versions), SIMATIC Teleservice Adapter IE Standard (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMATIC WinCC Runtime Advanced (All versions), SIMOCODE pro V EIP (All versions), SIMOCODE pro V PN (All versions), SINAMICS G130 V4.6 (Control Unit) (All versions), SINAMICS G130 V4.7 (Control Unit) (All versions), SINAMICS G130 V4.7 SP1 (Control Unit) (All versions), SINAMICS G130 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G130 V5.1 (Control Unit) (All versions), SINAMICS G130 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS G150 V4.6 (Control Unit) (All versions), SINAMICS G150 V4.7 (Control Unit) (All versions), SINAMICS G150 V4.7 SP1 (Control Unit) (All versions), SINAMICS G150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS G150 V5.1 (Control Unit) (All versions), SINAMICS G150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S120 V4.6 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S120 V4.7 SP1 (Control Unit) (All versions), SINAMICS S120 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S120 V5.1 (Control Unit) (All versions), SINAMICS S120 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S150 V4.6 (Control Unit) (All versions), SINAMICS S150 V4.7 (Control Unit) (All versions), SINAMICS S150 V4.7 SP1 (Control Unit) (All versions), SINAMICS S150 V4.8 (Control Unit) (All versions < V4.8 HF6), SINAMICS S150 V5.1 (Control Unit) (All versions), SINAMICS S150 V5.1 SP1 (Control Unit) (All versions < V5.1 SP1 HF4), SINAMICS S210 V5.1 (Control Unit) (All versions), SINAMICS S210 V5.1 SP1 (Control Unit) (All versions), SITOP Manager (All versions), SITOP PSU8600 (All versions), SITOP UPS1600 (All versions), TIM 1531 IRC (All versions). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.	A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Added	Reference		https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf [No Types Assigned]

Action	Type	Old Value	New Value
Added	CVSS V2		(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Added	CVSS V3		AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Changed	Reference Type	https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf No Types Assigned	https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf Vendor Advisory
Added	CWE		CWE-20
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:cp1604_firmware::::::::* OR cpe:2.3:h:siemens:cp1604:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:cp1616_firmware::::::::* OR cpe:2.3:h:siemens:cp1616:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_rf185c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf185c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_cp343-1_advanced_firmware::::::::* OR cpe:2.3:h:siemens:simatic_cp343-1_advanced:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_cp443-1_firmware::::::::* OR cpe:2.3:h:siemens:simatic_cp443-1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_cp443-1_advanced_firmware::::::::* OR cpe:2.3:h:siemens:simatic_cp443-1_advanced:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware::::::::* versions up to (excluding) 2.1.6 OR cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware::::::::* OR cpe:2.3:h:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:::::::*
Added	CPE Configuration		OR cpe:2.3:a:siemens:simatic_cp443-1_opc_ua::::::::* cpe:2.3:a:siemens:simatic_ipc_diagmonitor::::::::* cpe:2.3:a:siemens:simatic_s7-1500_software_controller::::::::* cpe:2.3:a:siemens:simatic_s7-plcsim_advanced::::::::* cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::* cpe:2.3:a:siemens:sitop_manager::::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_rf600r_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf600r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_rf188c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf188c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_rf186c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf186c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_rf182c_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf182c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_rf181-eip_firmware::::::::* OR cpe:2.3:h:siemens:simatic_rf181-eip:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-1500_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-300_firmware:-::::::: OR cpe:2.3:h:siemens:simatic_s7-300:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-400_pn_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-400_pn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-400_pn\/dp_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-400_pn\/dp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_firmware::::::::* OR cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_firmware::::::::* OR cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_standard_firmware::::::::* OR cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_standard:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_winac_rtx_2010_firmware::::::::* OR cpe:2.3:h:siemens:simatic_winac_rtx_2010:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simocode_pro_v_eip_firmware::::::::* OR cpe:2.3:h:siemens:simocode_pro_v_eip:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simocode_pro_v_pn_firmware:-::::::: OR cpe:2.3:h:siemens:simocode_pro_v_pn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_g130_firmware::::::::* versions up to (excluding) 5.2 OR cpe:2.3:h:siemens:sinamics_g130:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_g150_firmware::::::::* versions up to (excluding) 5.2 OR cpe:2.3:h:siemens:sinamics_g150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_s120_firmware::::::::* versions up to (excluding) 5.2 OR cpe:2.3:h:siemens:sinamics_s120:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_s150_firmware::::::::* versions up to (excluding) 5.1 cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:-::::::* cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1::::::* cpe:2.3:o:siemens:sinamics_s150_firmware:5.1:sp1_hf2::::::* OR cpe:2.3:h:siemens:sinamics_s150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sinamics_s210_firmware::::::::* versions up to (excluding) 5.1 cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:-::::::* cpe:2.3:o:siemens:sinamics_s210_firmware:5.1:sp1::::::* OR cpe:2.3:h:siemens:sinamics_s210:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sitop_psu8600_firmware::::::::* OR cpe:2.3:h:siemens:sitop_psu8600:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:sitop_ups1600_firmware::::::::* OR cpe:2.3:h:siemens:sitop_ups1600:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:tim_1531_irc_firmware::::::::* OR cpe:2.3:h:siemens:tim_1531_irc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-1500f_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500f:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-1500s_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-1500t_firmware::::::::* OR cpe:2.3:h:siemens:simatic_s7-1500t:-:::::::*

CVE-2019-6568

Apache Webserver Denial of Service

Description

INFO

April 17, 2019, 2:29 p.m.

April 11, 2023, 10:15 a.m.

[email protected]

Yes !

3.6

3.9

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.12 }} 0.00%

0.43820

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable