CVE-2019-13940 : What You Need to Know

Discover the CVE-2019-13940 vulnerability affecting Siemens SIMATIC & SIPLUS devices, potentially leading to a denial of service scenario. Learn about affected systems, exploitation, and mitigation steps.

A security flaw has been discovered in several models of SIMATIC and SIPLUS devices, potentially leading to a denial of service situation for the affected devices' web server.

Understanding CVE-2019-13940

What is CVE-2019-13940?

CVE-2019-13940 is a vulnerability found in various Siemens SIMATIC and SIPLUS devices that could be exploited to trigger a denial of service scenario by sending specially crafted HTTP requests to specific ports.

The Impact of CVE-2019-13940

The vulnerability could result in a denial of service situation for the web server of affected devices, affecting their availability.

Technical Details of CVE-2019-13940

Vulnerability Description

        CWE-400: Uncontrolled Resource Consumption vulnerability

Affected Systems and Versions

The following Siemens products are affected:

        SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17)
        SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17)
        SIMATIC S7-1200 CPU family (All versions < V4.1)
        SIMATIC S7-300 CPU series (All versions < V3.X.17)
        SIMATIC S7-400 PN/DP V6 and below CPU family
        SIMATIC WinAC RTX 2010
        SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17)
        SIPLUS S7-300 CPU series (All versions < V3.X.17)
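
The version bounds listed above can be checked against an asset inventory. The Python below is an added example, not code from Siemens or from this page's author. It assumes that the "X" in "V3.X.17" stands for any minor release line, that "V6 and below" means a major version of 6 or lower, and that inventory model strings start with the product names as listed here; the function names and sample inventory are made up.

```python
import re

# Affected-products list from this page; None is the "X" in "V3.X.17" (assumed wildcard).
RULES = [
    ("SIMATIC ET 200pro IM154-8 PN/DP CPU", "lt", (3, None, 17)),
    ("SIMATIC ET 200S IM151-8 PN/DP CPU", "lt", (3, None, 17)),
    ("SIPLUS ET 200S IM151-8 PN/DP CPU", "lt", (3, None, 17)),
    ("SIMATIC S7-300", "lt", (3, None, 17)),
    ("SIPLUS S7-300", "lt", (3, None, 17)),
    ("SIMATIC S7-1200", "lt", (4, 1)),
    ("SIMATIC S7-400 PN/DP", "major_le", 6),  # "V6 and below" (assumed reading)
    ("SIMATIC WinAC RTX 2010", "all", None),  # page gives no version bound
]

def parse_version(text):
    """'V3.2.16' -> (3, 2, 16); None if not a dotted version string."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", (text or "").strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_below(version, bound):
    """True if version < bound, skipping wildcard (None) components."""
    for i, b in enumerate(bound):
        v = version[i] if i < len(version) else 0
        if b is not None and v != b:
            return v < b
    return False

def classify(model, firmware):
    """Return 'affected', 'not_affected', 'review' or 'not_listed'."""
    for prefix, kind, arg in RULES:
        if not model.startswith(prefix):
            continue
        if kind == "all":
            return "affected"
        v = parse_version(firmware)
        if v is None:
            return "review"  # listed model but firmware unknown: check by hand
        hit = v[0] <= arg if kind == "major_le" else is_below(v, arg)
        return "affected" if hit else "not_affected"
    return "not_listed"

INVENTORY = [  # constructed sample: hosts, model strings and versions are made up
    ("plc-01", "SIMATIC S7-300 CPU", "V3.2.16"),
    ("plc-02", "SIMATIC S7-1200 CPU", "V4.1.3"),
    ("plc-03", "SIPLUS S7-300 CPU", "unknown"),
]

def triage(inventory=INVENTORY):
    return {host: classify(model, fw) for host, model, fw in inventory}
```

Devices that come back as `review` are on the affected list but have no usable firmware string, so they should be treated as exposed until the version is confirmed.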

Exploitation Mechanism

The issue can be triggered by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp on the affected devices.

Mitigation and Prevention

Immediate Steps to Take

        Apply vendor-supplied patches or updates
        Implement network segmentation to restrict access to vulnerable devices
        Monitor network traffic for any suspicious activity

Long-Term Security Practices

        Regularly update and patch all software and firmware
        Conduct security assessments and penetration testing
        Educate staff on cybersecurity best practices

Patching and Updates

It is crucial to apply the necessary patches or updates provided by Siemens to address the vulnerability and enhance the security of the affected devices.
