Rewterz Threat Advisory – ICS: Siemens SIMATIC CP 1543-1

February 13, 2020

Severity

High

Analysis Summary

CVE-2019-12815

An arbitrary file copy vulnerability in mod_copy of the embedded FTP server allows for remote code execution and information disclosure without authentication.

CVE-2019-18217

Incorrect handling of overly long commands in the embedded FTP server allow an attacker to cause a denial-of-service condition by entering an infinite loop.

Impact

Remote code execution
Information disclosure without authentication
Denial of service.

Affected Vendors

Siemens

Affected Products

SIMATIC CP 1543-1 all versions starting at 2.0 and prior to 2.2

Remediation

Update to latest Version 2.2

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us