CVE-2019-10929 (simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware, simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware, simatic_s7-1200_cpu_1211c_firmware, simatic_s7-1200_cpu_1212c_firmware, simatic_s7-1200_cpu_1214c_firmware, simatic_s7-1200_cpu_1215c_firmware, simatic_s7-1200_cpu_1217c_firmware, simatic_s7-1500, simatic_s7-1500_cpu_1511c_firmware, simatic_s7-1500_cpu_1512c_firmware, simatic_s7-1500_cpu_1518_firmware, simatic_s7-plcsim_advanced)

A vulnerability has been identified in SIMATIC ET 200SP Open Controller CPU 1515SP PC (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (All versions), SIMATIC S7-1200 CPU family (All versions >= V4.0), SIMATIC S7-1500 CPU family (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions). An attacker in a Man-in-the-Middle position could potentially modify network traffic exchanged on port 102/tcp, due to certain properties in the calculation used for integrity protection. In order to exploit the vulnerability, an attacker must be able to perform a Man-in-the-Middle attack. The vulnerability could impact the integrity of the communication. No public exploitation of the vulnerability was known at the time of advisory publication.

View Full Alert