Publication Date:
Last Update:
Current Version: V2.2
CVSS v3.1 Base Score: 7.5
Affected Product and Versions Remediation

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions >= V5.1.1 < V5.1.2
affected by CVE-2019-19300

All versions >= V5.1.1 < V5.1.2
affected by CVE-2019-19300

All versions >= V5.1.1 < V5.1.2
affected by CVE-2019-19300

All versions >= V5.1.1 < V5.1.3
affected by CVE-2019-19300

All versions >= V5.1.1 < V5.1.2
affected by CVE-2019-19300

All versions >= V5.1.1 < V5.1.2
affected by CVE-2019-19300

All versions
affected by CVE-2019-19300
Currently no fix is planned
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned
Currently no fix is planned
Currently no fix is planned

All versions >= V4.2.0
affected by CVE-2019-19300
Currently no fix is planned

All versions < V2.0
affected by CVE-2019-19300

All versions < V2.0
affected by CVE-2019-19300

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions >= V4.2
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is available
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is available
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions < V4.4.0
affected by CVE-2019-19300

All versions < V2.0
affected by CVE-2019-19300

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned

All versions >= V4.2
affected by CVE-2019-19300
Currently no fix is planned

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

All versions
affected by CVE-2019-19300
Currently no fix is planned
As a mitigation, disable the ethernet ports on the CPU and use a communication module (like CP) for communication instead

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity


This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score: 7.5
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-400: Uncontrolled Resource Consumption

https://www.siemens.com/cert/advisories
V1.0 (2020-04-14): Publication Date
V1.1 (2020-05-12): Added SIMATIC S7-400 H V6 CPU family and below to the list of affected products
V1.2 (2021-03-09): Added Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (P) to the list of affected products
V1.3 (2022-02-08): No remediation planned for SIMATIC ET200 devices
V1.4 (2022-03-11): Added mitigation measure for SIMATIC S7-300 and S7-400
V1.5 (2022-03-28): Updated fix and mitigation measures for SIMATIC S7-300 and S7-400
V1.6 (2022-04-12): Cleanup due to template changes, no change of contents
V1.7 (2022-06-14): Added SIMATIC S7-1200 CPU family, ET200SP/MP/AL/EcoPN and PN/xx Coupler to the list of affected products
V1.8 (2022-12-13): Added fix for SIMATIC S7-410 CPU family (incl. SIPLUS variants)
V1.9 (2023-01-10): Removed fix for SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) and added SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) to the list of affected products
V2.0 (2023-02-14): Added additional SIMATIC ET200ecoPN products (CM 4x IO-Link, M12-L / CM 8x IO-Link, M12-L / AI 8xRTD/TC, M12-L) to the list of affected products
V2.1 (2024-05-14): Added fix for several SIMATIC ET200ecoPN devices
V2.2 (2024-07-09): Listed affected products individually instead of product families (e.g., for SIMATIC ET 200AL/MP/SP/pro IM families); added affected SIPLUS devices (e.g., SIPLUS ET 200xx IM)