SB2020021217 - Multiple vulnerabilities in Siemens SIMATIC CP 1543-1

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020021217

SB2020021217 - Multiple vulnerabilities in Siemens SIMATIC CP 1543-1

Published: February 12, 2020

Security Bulletin ID SB2020021217
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2019-18217)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in main.c in a child process when handling overly long commands. A remote non-authenticated attacker can perform a denial of service attack by sending an overly log command to the affected FTP server.


2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-12815)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the application does not honor <Limit READ> and <Limit WRITE> configurations for SITE CPFR and SITE CPTO commands in the mod_copy module. A remote authenticated user with read permissions (e.g. user anonymous) can read contents of an arbitrary file on the server.




Remediation

Install update from vendor's website.

References