Buffer overflow in Siemens Simatic Hmi Comfort Panels 1st Generation (Incl. Siplus Variants)

CVE-2019-19276

A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st Generation (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 4). Specially crafted packets sent to port 161…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (41.2th percentile) — read the EPSS interpretation.

Affected products

Siemens Simatic Hmi Comfort Panels 1st Generation (Incl. Siplus Variants) — versions All versions < V16 Update 4
Siemens Simatic Hmi Ktp Mobile Panels — versions All versions < V16 Update 4

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf (x_refsource_MISC)