Vulnerability in Siemens Simatic Cp 1626
CVE-2019-10929
A vulnerability has been identified in SIMATIC CP 1626 (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All vers…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.001 (33.8th percentile) — read the EPSS interpretation.
Affected products
- Siemens Simatic Cp 1626 — versions All versions
- Siemens Simatic Et 200sp Open Controller Cpu 1515sp Pc2 (Incl. Siplus Variants) — versions All versions < V20.8
- Siemens Simatic Et 200sp Open Controller Cpu 1515sp Pc (Incl. Siplus Variants) — versions All versions
- Siemens Simatic Hmi Panel (Incl. Siplus Variants) — versions All versions
- Siemens Simatic Net Pc Software V14 — versions All versions < V14 SP1 Update 14
- Siemens Simatic Net Pc Software V15 — versions All versions
- Siemens Simatic S7-1200 Cpu Family (Incl. Siplus Variants) — versions All versions < V4.4.0
- Siemens Simatic S7-1500 Cpu Family (Incl. Related Et200 Cpus And Siplus Variants) — versions All versions < V2.8.1
- Siemens Simatic S7-1500 Software Controller — versions All versions < V20.8
- Siemens Simatic S7-plcsim Advanced — versions All versions < V3.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf (x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-273799.pdf (x_refsource_MISC)
- www.us-cert.gov/ics/advisories/icsa-19-344-04 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-10929?
- CVE-2019-10929 is a vulnerability in Siemens Simatic Cp 1626, classified under Use of a Broken or Risky Cryptographic Algorithm. Published 2019-08-13.
- Is CVE-2019-10929 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.