CVE-2019-13945

Description

A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. 
The security vulnerability could be exploited by an attacker with physical access to the UART interface during the boot process.

CVSS: 6.8
Severity: Medium
EPSS 0.14%
Vendor Advisory siemens.com
Affected: Siemens AG SIMATIC S7-1200 CPU family (incl. SIPLUS variants)
Affected: Siemens AG SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants)
Affected: Siemens AG SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)
Affected: Siemens AG SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)
Affected: Siemens AG SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)
Affected: Siemens AG SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)
Affected: Siemens AG SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)
Affected: Siemens AG SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)
Affected: Siemens AG SIMATIC S7-200 SMART CPU family

Frequently Asked Questions

What is the severity of CVE-2019-13945?
CVE-2019-13945 has been scored as a medium severity vulnerability.
How to fix CVE-2019-13945?
To fix CVE-2019-13945, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2019-13945 being actively exploited in the wild?
For now, there is no information confirming that CVE-2019-13945 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-13945?
CVE-2019-13945 affects Siemens AG SIMATIC S7-1200 CPU family (incl. SIPLUS variants), Siemens AG SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants), Siemens AG SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants), Siemens AG SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1), Siemens AG SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1), Siemens AG SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0), Siemens AG SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1), Siemens AG SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0), Siemens AG SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1), Siemens AG SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0), Siemens AG SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0), Siemens AG SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0), Siemens AG SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0), Siemens AG SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0), Siemens AG SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0), Siemens AG SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0), Siemens AG SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0), Siemens AG SIMATIC S7-200 SMART CPU family.