QID 591288

Date Published: 2023-01-13

QID 591288: Siemens SIMATIC IPC, SIMATIC ET 200SP Open Controller, SIMOTION P320 Multiple Vulnerabilities (SSA-398519)

AFFECTED PRODUCTS
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All BIOS versions prior to V2.08, only affected by CVE-2019-0169
SIMATIC IPC127E: All BIOS versions prior to V27.01.04, only affected by CVE-2019-0169
SIMATIC IPC427C: All versions, only affected by CVE-2019-0151
SIMATIC IPC427D (incl. SIPLUS variants): All versions, only affected by CVE-2019-0151
SIMATIC IPC427E (incl. SIPLUS variants): All BIOS versions prior to V21.01.13, only affected by CVE-2019-0151, CVE-2019-0169
SIMATIC IPC477C: All versions, only affected by CVE-2019-0151
SIMATIC IPC477D: All versions, only affected by CVE-2019-0151
SIMATIC IPC477E: All BIOS versions prior to V21.01.13, only affected by CVE-2019-0151, CVE-2019-0169
SIMATIC IPC477E Pro: All BIOS versions prior to V21.01.13, only affected by CVE-2019-0151, CVE-2019-0169
SIMATIC IPC527G: All BIOS versions prior to V1.3.2, only affected by CVE-2019-0169
SIMATIC IPC547E: All BIOS versions prior to R1.34, only affected by CVE-2019-0151
SIMATIC IPC547G: All BIOS versions prior to R1.28.0, only affected by CVE-2019-0151, CVE-2019-0169
SIMATIC IPC627C: All versions, only affected by CVE-2019-0151
SIMATIC IPC627D: All versions, only affected by CVE-2019-0151
SIMATIC IPC627E: All BIOS versions prior to V25.02.05 Update BIOS to V25.02.05
SIMATIC IPC647C: All versions, only affected by CVE-2019-0151
SIMATIC IPC647D: All versions, only affected by CVE-2019-0151
SIMATIC IPC647E: All BIOS versions prior to V25.02.05
SIMATIC IPC677C: All versions, only affected by CVE-2019-0151
SIMATIC IPC677D: All versions, only affected by CVE-2019-0151
SIMATIC IPC677E: All BIOS versions prior to V25.02.05
SIMATIC IPC827C: All versions, only affected by CVE-2019-0151
SIMATIC IPC827D: All versions, only affected by CVE-2019-0151
SIMATIC IPC847C: All versions, only affected by CVE-2019-0151
SIMATIC IPC847D: All versions, only affected by CVE-2019-0151
SIMATIC IPC847E: All BIOS versions prior to V25.02.05
SIMATIC ITP1000: All BIOS versions prior to V23.01.07, only affected by CVE-2019-0151, CVE-2019-0169
SIMOTION P320-4E: All versions, only affected by CVE-2019-0151
SIMOTION P320-4S: All versions, only affected by CVE-2019-0151

QID Detection Logic:
This QID checks for the Vulnerable version of Siemens SIMATIC IPC, SIMATIC ET 200SP Open Controller, SIMOTION P320 using passive scanning

Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel (R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS V3 rated as Critical - 8.8 severity.

CVSS V2 rated as High - 7.2 severity.

Solution

Customers are advised to refer to Siemens MITIGATIONS section SSA-398519 for affected packages and patching details.

Vendor References

SSA-398519 - cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf

CVEs related to QID 591288

CVE-2019-0151 | CVE-2019-0152 | CVE-2019-0169 |

Software Advisories

Advisory ID	Software	Component	Link
SSA-398519			cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].