{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "WinCC (Windows Control Center) ist ein PC-basiertes Prozessvisualisierungssystem von Siemens.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Siemens SIMATIC WinCC ausnutzen, um einen Denial of Service Angriff durchzuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-0906 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0906.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-0906 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0906"
    }, {
      "category" : "external",
      "summary" : "Siemens Security Advisory vom 2023-04-10",
      "url" : "https://cert-portal.siemens.com/productcert/html/ssa-270778.html"
    } ],
    "source_lang" : "en-US",
    "title" : "Siemens SIMATIC WinCC: Schwachstelle ermöglicht Denial of Service",
    "tracking" : {
      "current_release_date" : "2023-04-10T22:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T17:48:24.976+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2023-0906",
      "initial_release_date" : "2023-04-10T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2023-04-10T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC < V14 SP1 Update 10",
          "product" : {
            "name" : "Siemens SIMATIC WinCC < V14 SP1 Update 10",
            "product_id" : "T027147",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v14_sp1_update_10"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC < V13 SP2",
          "product" : {
            "name" : "Siemens SIMATIC WinCC < V13 SP2",
            "product_id" : "T027148",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v13_sp2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC < V15.1 Update 5",
          "product" : {
            "name" : "Siemens SIMATIC WinCC < V15.1 Update 5",
            "product_id" : "T027149",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v15.1_update_5"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC < V16 Update 1",
          "product" : {
            "name" : "Siemens SIMATIC WinCC < V16 Update 1",
            "product_id" : "T027150",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v16_update_1"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC V7.3",
          "product" : {
            "name" : "Siemens SIMATIC WinCC V7.3",
            "product_id" : "T027151",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v7.3"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC < V7.4 SP1 Update 14",
          "product" : {
            "name" : "Siemens SIMATIC WinCC < V7.4 SP1 Update 14",
            "product_id" : "T027152",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v7.4_sp1_update_14"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Siemens SIMATIC WinCC < V7.5 SP1 Update 1",
          "product" : {
            "name" : "Siemens SIMATIC WinCC < V7.5 SP1 Update 1",
            "product_id" : "T027153",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:siemens:simatic_wincc:v7.5_sp1_update_1"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "SIMATIC WinCC"
      } ],
      "category" : "vendor",
      "name" : "Siemens"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2019-19282",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Siemens SIMATIC WinCC. Wenn die verschlüsselte Kommunikation aktiviert ist, kann die Verfügbarkeit des Gerätes durch speziell gestaltete Nachrichten gefährdet werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service zu verursachen."
    } ],
    "product_status" : {
      "known_affected" : [ "T027151" ]
    },
    "release_date" : "2023-04-10T22:00:00.000+00:00",
    "title" : "CVE-2019-19282"
  } ]
}