Rewterz Threat Advisory – CVE-2019-13945 – ICS: Undocumented access feature in Siemens SIMATIC PLCs Code Execution Vulnerability

Severity

Medium

Analysis Summary

There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. Using this functionality requires physical access to the UART interface during boot process.

Impact

Execution arbitrary code

Affected Vendors

Siemens

Affected Products

SIMATIC S7-1200 All versions

Remediation

Apply in depth defense:

https://assets.new.siemens.com/siemens/assets/api/uuid:411e91564a2d259ecd4b6c79b51f89c044b3de81/operational-guidelines-industrial-security-en.pdf