{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting theses vulnerabilities to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could cause denial-of-service condition.", "title": "Risk evaluation" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "CISAservicedesk@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-19-253-03 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-253-03.json" }, { "category": "self", "summary": "ICS Advisory ICSA-19-253-03 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-253-03" } ], "title": "ICSA-19-253-03_Siemens Industrial Products (Update P)", "tracking": { "current_release_date": "2022-05-12T00:00:00.000000Z", "generator": { "engine": { "name": "CISA USCert CSAF Generator", "version": "1" } }, "id": "ICSA-19-253-03", "initial_release_date": "2019-09-10T00:00:00.000000Z", "revision_history": [ { "date": "2019-09-10T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-19-253-03 Siemens Industrial Products" }, { "date": "2019-10-08T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update A)" }, { "date": "2019-11-14T00:00:00.000000Z", "legacy_version": "B", "number": "3", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update B)" }, { "date": "2019-12-10T00:00:00.000000Z", "legacy_version": "C", "number": "4", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update C)" }, { "date": "2020-02-11T00:00:00.000000Z", "legacy_version": "D", "number": "5", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update D)" }, { "date": "2020-03-10T00:00:00.000000Z", "legacy_version": "E", "number": "6", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update E)" }, { "date": "2020-04-14T00:00:00.000000Z", "legacy_version": "F", "number": "7", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update F)" }, { "date": "2020-06-09T00:00:00.000000Z", "legacy_version": "G", "number": "8", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update G)" }, { "date": "2020-08-11T00:00:00.000000Z", "legacy_version": "H", "number": "9", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update H)" }, { "date": "2020-09-08T00:00:00.000000Z", "legacy_version": "I", "number": "10", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update I)" }, { "date": "2020-10-13T00:00:00.000000Z", "legacy_version": "J", "number": "11", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update J)" }, { "date": "2020-12-08T00:00:00.000000Z", "legacy_version": "K", "number": "12", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update K)" }, { "date": "2021-04-13T00:00:00.000000Z", "legacy_version": "L", "number": "13", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update L)" }, { "date": "2021-05-11T00:00:00.000000Z", "legacy_version": "M", "number": "14", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update M)" }, { "date": "2021-07-13T00:00:00.000000Z", "legacy_version": "N", "number": "15", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update N)" }, { "date": "2021-09-14T00:00:00.000000Z", "legacy_version": "O", "number": "16", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update O)" }, { "date": "2022-03-10T00:00:00.000000Z", "legacy_version": "P", "number": "17", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update P)" }, { "date": "2022-04-14T00:00:00.000000Z", "legacy_version": "Q", "number": "18", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update Q)" }, { "date": "2022-05-12T00:00:00.000000Z", "legacy_version": "R", "number": "19", "summary": "ICSA-19-253-03 Siemens Industrial Products (Update R)" } ], "status": "final", "version": "19" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "< 3.1.1.0", "product": { "name": "SIMATIC ITC2200 PRO: All versions prior to v3.1.1.0", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SIMATIC ITC2200 PRO" }, { "branches": [ { "category": "product_version_range", "name": "< 1.3", "product": { "name": "SIMATIC RF188C: All versions prior to v1.3", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SIMATIC RF188C" }, { "branches": [ { "category": "product_version_range", "name": "< 2.8.4", "product": { "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB- 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant): All versions prior to v2.8.4", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (MLFB- 6ES7518-4AX00-1AC0 6AG1518-4AX00-4AC0 incl. SIPLUS variant)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0): All versions prior to v4.0", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.5.18", "product": { "name": "SIMATIC CP 442-1 RNA (6GK7442-1RX00-0XE0): All versions prior to v1.5.18", "product_id": "CSAFPID-0005" } } ], "category": "product_name", "name": "SIMATIC CP 442-1 RNA (6GK7442-1RX00-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-0006" } } ], "category": "product_name", "name": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0): All versions prior to v4.0", "product_id": "CSAFPID-0007" } } ], "category": "product_name", "name": "SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0): All versions prior to v4.0", "product_id": "CSAFPID-0008" } } ], "category": "product_name", "name": "SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2): All versions prior to v6.2", "product_id": "CSAFPID-0009" } } ], "category": "product_name", "name": "SCALANCE M876-3 (6GK5876-3AA02-2BA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0): All versions prior to v4.0", "product_id": "CSAFPID-00010" } } ], "category": "product_name", "name": "SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.1.1.0", "product": { "name": "SIMATIC ITC1900: All versions prior to v3.1.1.0", "product_id": "CSAFPID-00011" } } ], "category": "product_name", "name": "SIMATIC ITC1900" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-00012" } } ], "category": "product_name", "name": "SCALANCE M804PB (6GK5804-0AP00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.0.1", "product": { "name": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2): All versions prior to v2.0.1", "product_id": "CSAFPID-00013" } } ], "category": "product_name", "name": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.3", "product": { "name": "SIMATIC RF186C: All versions prior to v1.3", "product_id": "CSAFPID-00014" } } ], "category": "product_name", "name": "SIMATIC RF186C" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0): All versions prior to v3.2", "product_id": "CSAFPID-00015" } } ], "category": "product_name", "name": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0): All versions prior to v4.0", "product_id": "CSAFPID-00016" } } ], "category": "product_name", "name": "SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.8.4", "product": { "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0): All versions prior to v2.8.4", "product_id": "CSAFPID-00017" } } ], "category": "product_name", "name": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AC0)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "RUGGEDCOM RM1224 (6GK6108-4AM00): All versions prior to v6.2", "product_id": "CSAFPID-00018" } } ], "category": "product_name", "name": "RUGGEDCOM RM1224 (6GK6108-4AM00)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants): All versions", "product_id": "CSAFPID-00019" } } ], "category": "product_name", "name": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "TIM 4R-IE (incl. SIPLUS NET variants): All versions", "product_id": "CSAFPID-00020" } } ], "category": "product_name", "name": "TIM 4R-IE (incl. SIPLUS NET variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.0.1", "product": { "name": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2): All versions prior to v2.0.1", "product_id": "CSAFPID-00021" } } ], "category": "product_name", "name": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to v6.2", "product_id": "CSAFPID-00022" } } ], "category": "product_name", "name": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.1", "product": { "name": "SCALANCE S623: All versions prior to v4.1", "product_id": "CSAFPID-00023" } } ], "category": "product_name", "name": "SCALANCE S623" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0): All versions prior to v4.0", "product_id": "CSAFPID-00024" } } ], "category": "product_name", "name": "SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.5.18", "product": { "name": "SIMATIC CP 443-1 RNA (6GK7443-1RX00-0XE0): All versions prior to v1.5.18", "product_id": "CSAFPID-00025" } } ], "category": "product_name", "name": "SIMATIC CP 443-1 RNA (6GK7443-1RX00-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 8.6.0", "product": { "name": "SCALANCE W1750D: All versions prior to v8.6.0", "product_id": "CSAFPID-00026" } } ], "category": "product_name", "name": "SCALANCE W1750D" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants): All versions prior to v2.1", "product_id": "CSAFPID-00027" } } ], "category": "product_name", "name": "SIMATIC CP 1542SP-1 IRC (incl. SIPLUS variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-00028" } } ], "category": "product_name", "name": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.13.3", "product": { "name": "ROX II: All versions prior to 2.13.3", "product_id": "CSAFPID-00029" } } ], "category": "product_name", "name": "ROX II" }, { "branches": [ { "category": "product_version_range", "name": "< 4.1", "product": { "name": "SCALANCE S612: All versions prior to v4.1", "product_id": "CSAFPID-00030" } } ], "category": "product_name", "name": "SCALANCE S612" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SCALANCE M875: All versions", "product_id": "CSAFPID-00031" } } ], "category": "product_name", "name": "SCALANCE M875" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0): All versions prior to v4.0", "product_id": "CSAFPID-00032" } } ], "category": "product_name", "name": "SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.92", "product": { "name": "SINUMERIK 808D: All versions prior to v4.92", "product_id": "CSAFPID-00033" } } ], "category": "product_name", "name": "SINUMERIK 808D" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC MV540 H (6GF3540-0GE10): All versions prior to v2.1", "product_id": "CSAFPID-00034" } } ], "category": "product_name", "name": "SIMATIC MV540 H (6GF3540-0GE10)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0): All versions prior to v4.0", "product_id": "CSAFPID-00035" } } ], "category": "product_name", "name": "SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0): All versions prior to v4.0", "product_id": "CSAFPID-00036" } } ], "category": "product_name", "name": "SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 9 Linux Image 2019-12-13 | 13 (only affected by CVE-2019-11479)", "product": { "name": "RUGGEDCOM RX 1400 VPE Linux CloudConnect: All versions prior to Debian 9 Linux Image 2019-12-13 13 (only affected by CVE-2019-11479)", "product_id": "CSAFPID-00037" } } ], "category": "product_name", "name": "RUGGEDCOM RX 1400 VPE Linux CloudConnect" }, { "branches": [ { "category": "product_version_range", "name": "< 3.1.1.0", "product": { "name": "SIMATIC ITC2200: All versions prior to v3.1.1.0", "product_id": "CSAFPID-00038" } } ], "category": "product_name", "name": "SIMATIC ITC2200" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants): All versions", "product_id": "CSAFPID-00039" } } ], "category": "product_name", "name": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0): All versions prior to v2.1", "product_id": "CSAFPID-00040" } } ], "category": "product_name", "name": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0): All versions prior to v4.0", "product_id": "CSAFPID-00041" } } ], "category": "product_name", "name": "SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.1.5", "product": { "name": "CloudConnect 712: All versions prior to 1.1.5", "product_id": "CSAFPID-00042" } } ], "category": "product_name", "name": "CloudConnect 712" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "TIM 3V-IE (incl. SIPLUS NET variants): All versions", "product_id": "CSAFPID-00043" } } ], "category": "product_name", "name": "TIM 3V-IE (incl. SIPLUS NET variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.3", "product": { "name": "SIMATIC RF186CI: All versions prior to v1.3", "product_id": "CSAFPID-00044" } } ], "category": "product_name", "name": "SIMATIC RF186CI" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "TIM 1531 IRC (incl. SIPLUS NET variants): All versions prior to 2.1", "product_id": "CSAFPID-00045" } } ], "category": "product_name", "name": "TIM 1531 IRC (incl. SIPLUS NET variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC MV540 S (6GF3540-0CD10): All versions prior to v2.1", "product_id": "CSAFPID-00046" } } ], "category": "product_name", "name": "SIMATIC MV540 S (6GF3540-0CD10)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIMATIC CP 1242-7C: All versions prior to v3.2", "product_id": "CSAFPID-00047" } } ], "category": "product_name", "name": "SIMATIC CP 1242-7C" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-00048" } } ], "category": "product_name", "name": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.0.1", "product": { "name": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2): All versions prior to v2.0.1", "product_id": "CSAFPID-00049" } } ], "category": "product_name", "name": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SIMATIC CP 443-1 (incl. SIPLUS variants): All versions", "product_id": "CSAFPID-00050" } } ], "category": "product_name", "name": "SIMATIC CP 443-1 (incl. SIPLUS variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 17.0", "product": { "name": "SIMATIC CP 1628 (6GK1162-8AA00): All versions prior to v17.0", "product_id": "CSAFPID-00051" } } ], "category": "product_name", "name": "SIMATIC CP 1628 (6GK1162-8AA00)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): All versions prior to v3.2", "product_id": "CSAFPID-00052" } } ], "category": "product_name", "name": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants): All versions", "product_id": "CSAFPID-00053" } } ], "category": "product_name", "name": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.1.1.0", "product": { "name": "SIMATIC ITC1900 PRO: All versions prior to v3.1.1.0", "product_id": "CSAFPID-00054" } } ], "category": "product_name", "name": "SIMATIC ITC1900 PRO" }, { "branches": [ { "category": "product_version_range", "name": "< 3.1.1.0", "product": { "name": "SIMATIC ITC1500 PRO: All versions prior to v3.1.1.0", "product_id": "CSAFPID-00055" } } ], "category": "product_name", "name": "SIMATIC ITC1500 PRO" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0): All versions prior to v3.2", "product_id": "CSAFPID-00056" } } ], "category": "product_name", "name": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.1.1.0", "product": { "name": "SIMATIC ITC1500: All versions prior to v3.1.1.0", "product_id": "CSAFPID-00057" } } ], "category": "product_name", "name": "SIMATIC ITC1500" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): All versions prior to v2.1", "product_id": "CSAFPID-00058" } } ], "category": "product_name", "name": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0): All versions prior to v4.0", "product_id": "CSAFPID-00059" } } ], "category": "product_name", "name": "SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.0", "product": { "name": "SIMATIC CM 1542-1: All versions prior to 3.0", "product_id": "CSAFPID-00060" } } ], "category": "product_name", "name": "SIMATIC CM 1542-1" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): All versions prior to v3.2", "product_id": "CSAFPID-00061" } } ], "category": "product_name", "name": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC MV560 X (6GF3560-0HE10): All versions prior to v2.1", "product_id": "CSAFPID-00062" } } ], "category": "product_name", "name": "SIMATIC MV560 X (6GF3560-0HE10)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-00063" } } ], "category": "product_name", "name": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions prior to v3.2", "product_id": "CSAFPID-00064" } } ], "category": "product_name", "name": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC MV550 S (6GF3550-0CD10): All versions prior to v2.1", "product_id": "CSAFPID-00065" } } ], "category": "product_name", "name": "SIMATIC MV550 S (6GF3550-0CD10)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.2", "product": { "name": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): All versions prior to v2.2", "product_id": "CSAFPID-00066" } } ], "category": "product_name", "name": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0): All versions prior to v4.0", "product_id": "CSAFPID-00067" } } ], "category": "product_name", "name": "SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SIMATIC Teleservice Adapter IE Advanced: All versions", "product_id": "CSAFPID-00068" } } ], "category": "product_name", "name": "SIMATIC Teleservice Adapter IE Advanced" }, { "branches": [ { "category": "product_version_range", "name": "< 4.1", "product": { "name": "SCALANCE S602: All versions prior to v4.1", "product_id": "CSAFPID-00069" } } ], "category": "product_name", "name": "SCALANCE S602" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0): All versions", "product_id": "CSAFPID-00070" } } ], "category": "product_name", "name": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants): All versions", "product_id": "CSAFPID-00071" } } ], "category": "product_name", "name": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.3", "product": { "name": "SIMATIC RF188CI: All versions prior to v1.3", "product_id": "CSAFPID-00072" } } ], "category": "product_name", "name": "SIMATIC RF188CI" }, { "branches": [ { "category": "product_version_range", "name": "< 4.1", "product": { "name": "SCALANCE S627-2M: All versions prior to v4.1", "product_id": "CSAFPID-00073" } } ], "category": "product_name", "name": "SCALANCE S627-2M" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): All versions prior to v6.2", "product_id": "CSAFPID-00074" } } ], "category": "product_name", "name": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SCALANCE WLC711: All versions", "product_id": "CSAFPID-00075" } } ], "category": "product_name", "name": "SCALANCE WLC711" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "TIM 3V-IE Advanced (incl. SIPLUS NET variants): All versions", "product_id": "CSAFPID-00076" } } ], "category": "product_name", "name": "TIM 3V-IE Advanced (incl. SIPLUS NET variants)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC MV560 U (6GF3560-0LE10): All versions prior to v2.1", "product_id": "CSAFPID-00077" } } ], "category": "product_name", "name": "SIMATIC MV560 U (6GF3560-0LE10)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0): All versions prior to v4.0", "product_id": "CSAFPID-00078" } } ], "category": "product_name", "name": "SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SINEMA Remote Connect Server: All versions prior to v2.1", "product_id": "CSAFPID-00079" } } ], "category": "product_name", "name": "SINEMA Remote Connect Server" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SCALANCE WLC712: All versions", "product_id": "CSAFPID-00080" } } ], "category": "product_name", "name": "SCALANCE WLC712" }, { "branches": [ { "category": "product_version_range", "name": "< 9 Linux Image 2019-12-13", "product": { "name": "RUGGEDCOM RX 1400 VPE Debian Linux: All versions prior to Debian 9 Linux Image 2019-12-13", "product_id": "CSAFPID-00081" } } ], "category": "product_name", "name": "RUGGEDCOM RX 1400 VPE Debian Linux" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-00082" } } ], "category": "product_name", "name": "SCALANCE M874-3 (6GK5874-3AA00-2AA2)" }, { "branches": [ { "category": "product_version", "name": "vers:all/*", "product": { "name": "SIMATIC Teleservice Adapter IE Basic: All versions", "product_id": "CSAFPID-00083" } } ], "category": "product_name", "name": "SIMATIC Teleservice Adapter IE Basic" }, { "branches": [ { "category": "product_version_range", "name": "< 2.0.1", "product": { "name": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2): All versions prior to v2.0.1", "product_id": "CSAFPID-00084" } } ], "category": "product_name", "name": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE S615 (6GK5615-0AA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-00085" } } ], "category": "product_name", "name": "SCALANCE S615 (6GK5615-0AA00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0): All versions prior to v4.0", "product_id": "CSAFPID-00086" } } ], "category": "product_name", "name": "SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2): All versions prior to v6.2", "product_id": "CSAFPID-00087" } } ], "category": "product_name", "name": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.0.1", "product": { "name": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2): All versions prior to v2.0.1", "product_id": "CSAFPID-00088" } } ], "category": "product_name", "name": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2)" }, { "branches": [ { "category": "product_version_range", "name": "< 14.00.15.00_51.25.00.01", "product": { "name": "SIMATIC CP 1623 (6GK1162-3AA00): All versions prior to v14.00.15.00_51.25.00.01", "product_id": "CSAFPID-00089" } } ], "category": "product_name", "name": "SIMATIC CP 1623 (6GK1162-3AA00)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0): All versions prior to v2.1", "product_id": "CSAFPID-00090" } } ], "category": "product_name", "name": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.8 | SP5", "product": { "name": "SINUMERIK 828D: All versions prior to v4.8 SP5", "product_id": "CSAFPID-00091" } } ], "category": "product_name", "name": "SINUMERIK 828D" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): All versions prior to v2.1", "product_id": "CSAFPID-00092" } } ], "category": "product_name", "name": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 9 Linux Image 2019-12-13", "product": { "name": "RUGGEDCOM APE 1404 Linux: All versions prior to Debian 9 Linux Image 2019-12-13", "product_id": "CSAFPID-00093" } } ], "category": "product_name", "name": "RUGGEDCOM APE 1404 Linux" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0): All versions prior to v2.1", "product_id": "CSAFPID-00094" } } ], "category": "product_name", "name": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.8 SP5", "product": { "name": "SINUMERIK 840D sl: All versions prior to v4.8 SP5", "product_id": "CSAFPID-00095" } } ], "category": "product_name", "name": "SINUMERIK 840D sl" }, { "branches": [ { "category": "product_version_range", "name": "< 2.1", "product": { "name": "SIMATIC MV550 H (6GF3550-0GE10): All versions prior to v2.1", "product_id": "CSAFPID-00096" } } ], "category": "product_name", "name": "SIMATIC MV550 H (6GF3550-0GE10)" }, { "branches": [ { "category": "product_version_range", "name": "< 2.2", "product": { "name": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0): All versions prior to v2.2", "product_id": "CSAFPID-00097" } } ], "category": "product_name", "name": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0): All versions prior to v4.0", "product_id": "CSAFPID-00098" } } ], "category": "product_name", "name": "SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0): All versions prior to v4.0", "product_id": "CSAFPID-00099" } } ], "category": "product_name", "name": "SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): All versions prior to v6.2", "product_id": "CSAFPID-000100" } } ], "category": "product_name", "name": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 3.2", "product": { "name": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0): All versions prior to v3.2", "product_id": "CSAFPID-000101" } } ], "category": "product_name", "name": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0)" }, { "branches": [ { "category": "product_version_range", "name": "< 1.3", "product": { "name": "SIMATIC RF185C: All versions prior to v1.3", "product_id": "CSAFPID-000102" } } ], "category": "product_name", "name": "SIMATIC RF185C" }, { "branches": [ { "category": "product_version_range", "name": "< 6.2", "product": { "name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions prior to v6.2", "product_id": "CSAFPID-000103" } } ], "category": "product_name", "name": "SCALANCE M874-2 (6GK5874-2AA00-2AA2)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0): All versions prior to v4.0", "product_id": "CSAFPID-000104" } } ], "category": "product_name", "name": "SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 4.0", "product": { "name": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0): All versions prior to v4.0", "product_id": "CSAFPID-000105" } } ], "category": "product_name", "name": "SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0)" }, { "branches": [ { "category": "product_version_range", "name": "< 6.4", "product": { "name": "SCALANCE W-700 IEEE 802.11n family: All versions prior to v6.4", "product_id": "CSAFPID-000106" } } ], "category": "product_name", "name": "SCALANCE W-700 IEEE 802.11n family" }, { "branches": [ { "category": "product_version_range", "name": "< 2.0", "product": { "name": "SCALANCE W-1700 IEEE 802.11ac family: All versions prior to v2.0", "product_id": "CSAFPID-000107" } } ], "category": "product_name", "name": "SCALANCE W-1700 IEEE 802.11ac family" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-8460", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "The kernel can be forced to make very expensive calls for every incoming TCP Selective Acknowledgement (SACK) packet which can lead to a denial-of-service condition. CVE-2019-8460 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "mitigation", "details": "The following products are discontinued as of October 1, 2019. Siemens recommends upgrading hardware to successor products from the SCALANCE SC-600 family and applying patches when available, or following the manual mitigations addressed below.SCALANCE S602: Update to v4.1 (Update is only available via Siemens Support contact)", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ], "url": "https://support.industry.siemens.com/cs/document/109756957" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ] } ], "title": "CVE-2019-8460" }, { "cve": "CVE-2019-11477", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "The kernel is affected by an integer overflow when handling TCP Selective Acknowledgements, which could allow a remote attacker to cause a denial-of-service condition. CVE-2019-11477 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "mitigation", "details": "The following products are discontinued as of October 1, 2019. Siemens recommends upgrading hardware to successor products from the SCALANCE SC-600 family and applying patches when available, or following the manual mitigations addressed below.SCALANCE S602: Update to v4.1 (Update is only available via Siemens Support contact)", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ], "url": "https://support.industry.siemens.com/cs/document/109756957" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ] } ], "title": "CVE-2019-11477" }, { "cve": "CVE-2019-11478", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "A remote attacker sending specially crafted TCP Selective Acknowledgment (SACK) sequences may cause a denial-of-service condition. CVE-2019-11478 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "The following products are discontinued as of October 1, 2019. Siemens recommends upgrading hardware to successor products from the SCALANCE SC-600 family and applying patches when available, or following the manual mitigations addressed below.SCALANCE S602: Update to v4.1 (Update is only available via Siemens Support contact)", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ], "url": "https://support.industry.siemens.com/cs/document/109756957" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ] } ], "title": "CVE-2019-11478" }, { "cve": "CVE-2019-11479", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "summary", "text": "An attacker may exploit a vulnerability in the TCP retransmission queue implementation kernel when handling TCP Selective Acknowledgements (SACK) to cause a denial-of-service condition. CVE-2019-11479 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "remediations": [ { "category": "mitigation", "details": "The following products are discontinued as of October 1, 2019. Siemens recommends upgrading hardware to successor products from the SCALANCE SC-600 family and applying patches when available, or following the manual mitigations addressed below.SCALANCE S602: Update to v4.1 (Update is only available via Siemens Support contact)", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ], "url": "https://support.industry.siemens.com/cs/document/109756957" } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", "CSAFPID-00024", "CSAFPID-00025", "CSAFPID-00026", "CSAFPID-00027", "CSAFPID-00028", "CSAFPID-00029", "CSAFPID-00030", "CSAFPID-00031", "CSAFPID-00032", "CSAFPID-00033", "CSAFPID-00034", "CSAFPID-00035", "CSAFPID-00036", "CSAFPID-00037", "CSAFPID-00038", "CSAFPID-00039", "CSAFPID-00040", "CSAFPID-00041", "CSAFPID-00042", "CSAFPID-00043", "CSAFPID-00044", "CSAFPID-00045", "CSAFPID-00046", "CSAFPID-00047", "CSAFPID-00048", "CSAFPID-00049", "CSAFPID-00050", "CSAFPID-00051", "CSAFPID-00052", "CSAFPID-00053", "CSAFPID-00054", "CSAFPID-00055", "CSAFPID-00056", "CSAFPID-00057", "CSAFPID-00058", "CSAFPID-00059", "CSAFPID-00060", "CSAFPID-00061", "CSAFPID-00062", "CSAFPID-00063", "CSAFPID-00064", "CSAFPID-00065", "CSAFPID-00066", "CSAFPID-00067", "CSAFPID-00068", "CSAFPID-00069", "CSAFPID-00070", "CSAFPID-00071", "CSAFPID-00072", "CSAFPID-00073", "CSAFPID-00074", "CSAFPID-00075", "CSAFPID-00076", "CSAFPID-00077", "CSAFPID-00078", "CSAFPID-00079", "CSAFPID-00080", "CSAFPID-00081", "CSAFPID-00082", "CSAFPID-00083", "CSAFPID-00084", "CSAFPID-00085", "CSAFPID-00086", "CSAFPID-00087", "CSAFPID-00088", "CSAFPID-00089", "CSAFPID-00090", "CSAFPID-00091", "CSAFPID-00092", "CSAFPID-00093", "CSAFPID-00094", "CSAFPID-00095", "CSAFPID-00096", "CSAFPID-00097", "CSAFPID-00098", "CSAFPID-00099", "CSAFPID-000100", "CSAFPID-000101", "CSAFPID-000102", "CSAFPID-000103", "CSAFPID-000104", "CSAFPID-000105", "CSAFPID-000106", "CSAFPID-000107" ] } ], "title": "CVE-2019-11479" } ] }