CVE-2019-6576
6.5 MEDIUM
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor P...
Published: 2019-05-14 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-310
Affected products
| Vendor | Product |
|---|---|
| siemens | simatic_hmi_comfort_outdoor_panels_firmware, simatic_hmi_comfort_panels_firmware, simatic_hmi_ktp_mobile_panels_ktp400f_firmware |
Description
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). An attacker with network access to affected devices could potentially obtain a TLS session key. If the attacker is able to observe TLS traffic between a legitimate user and the device, then the attacker could decrypt the TLS traffic. The security vulnerability could be exploited by an attacker who has network access to the web interface of the device and who is able to observe TLS traffic between legitimate users and the web interface of the affected device. The vulnerability could impact the confidentiality of the communication between the affected device and a legitimate user. At the time of advisory publication no public exploitation of the security vulnerability was known.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2019-6576
- [Other] http://www.securityfocus.com/bid/108412
- [Vendor advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf
- [Other] https://www.us-cert.gov/ics/advisories/ICSA-19-134-09
Related CVEs
Same vendor
- CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)
- CVE-2026-33893 — A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamce... (7.5 HIGH)
- CVE-2026-33862 — A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamce... (7.3 HIGH)
- CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
- CVE-2026-35535 — In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mai... (7.4 HIGH)
Same CWE
- CVE-2026-49000 — An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management... (7.0 HIGH)
- CVE-2017-14852 — An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SS... (8.6 HIGH)
- CVE-2015-4000 — The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DH... (3.7 LOW)
- CVE-2014-3566 — The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for ... (3.4 LOW)
- CVE-2004-2761 — The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing at... (9.8 CRITICAL)