TightVNC Vulnerabilities in Industrial Products (Revoked)

Act Now9.8SSA-478893Dec 8, 2020

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple TightVNC (V1.x) vulnerabilities were initially reported to potentially affect SIMATIC HMI panels, mobile panels, and industrial terminals. However, Siemens' investigation concluded that none of the previously listed products are affected by any vulnerability in this advisory. This advisory is revoked.

What this means

What could happen

This advisory has been revoked. Siemens' investigation determined that none of the listed products are actually affected by the TightVNC vulnerabilities previously reported.

Who's at risk

This advisory is revoked and does not indicate any actual vulnerability. It previously mentioned HMI panels and industrial terminals in manufacturing environments, but these products are confirmed unaffected.

How it could be exploited

Not applicable. No actual vulnerability exists in these products.

Exploitability

Moderate exploit probability (EPSS 2.6%)

Affected products (11)

11 pending

ProductAffected VersionsFix Status

SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants)No versionNo fix yet

SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants)No versionNo fix yet

SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900FNo versionNo fix yet

SIMATIC ITC1500 V3.1No versionNo fix yet

SIMATIC ITC1500 V3.1 PRONo versionNo fix yet

SIMATIC ITC1900 V3.1No versionNo fix yet

SIMATIC ITC1900 V3.1 PRONo versionNo fix yet

SIMATIC ITC2200 V3.1No versionNo fix yet

Remediation & Mitigation

0/1

Long-term hardening

0/1

HARDENINGNo remediation required. This advisory is revoked and all products listed are confirmed not affected.

CVEs (4)

CVE-2019-8287 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0368d5e2-dd28-452b-8487-062f4de88a81