CVE-2019-13940

Name: CVE-2019-13940
Creator: NVD / NIST
Published: 2020-02-11T16:15:14.773+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 1.66%

Last modified Jun 17, 2026

CVE-2019-13940 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. EPSS estimates a 1.66% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX 2010 (All versions), SIMATIC WinAC RTX F 2010 (All versions), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.X.17), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.X.17). Affected devices contain a vulnerability that could cause a denial of service condition of the web server by sending specially crafted HTTP requests to ports 80/tcp and 443/tcp. Beyond the web service, no other functions or interfaces are affected by the denial of service condition.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

1.66%

73.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	S7-1200 Cpu 1211c Firmware	< 4.1
Siemens	S7-1200 Cpu 1212c Firmware	< 4.1
Siemens	S7-1200 Cpu 1214c Firmware	< 4.1
Siemens	S7-1200 Cpu 1215c Firmware	< 4.1
Siemens	S7-1200 Cpu 1217c Firmware	< 4.1
Siemens	S7-1200 Cpu 1212fc Firmware	< 4.1
Siemens	S7-1200 Cpu 1214fc Firmware	< 4.1
Siemens	S7-1200 Cpu 1215fc Firmware	< 4.1
Siemens	Siplus S7-1200 Firmware	< 4.1
Siemens	Siplus Cpu 1211c Firmware	< 4.1
Siemens	Siplus Cpu 1212c Firmware	< 4.1
Siemens	Siplus Cpu 1214c Firmware	<= 4.1
Siemens	Siplus Cpu 1215c Firmware	< 4.1
Siemens	Simatic S7-300 Cpu 319-3 Pn\/Dp Firmware	All versions
Siemens	Simatic S7-300 Cpu 315-2dp Firmware	All versions
Siemens	Simatic S7-300 Cpu 315-2 Pn\/Dp Firmware	All versions
Siemens	Simatic S7-300 Cpu 317-2 Dp Firmware	All versions
Siemens	Simatic S7-300 Cpu 317-2 Pn\/Dp Firmware	All versions
Siemens	Siplus S7-300 Cpu 314 Firmware	All versions
Siemens	Siplus S7-300 Cpu 315-2 Dp Firmware	All versions
Siemens	Siplus S7-300 Cpu 315-2 Pn\/Dp Firmware	All versions
Siemens	Siplus S7-300 Cpu 317-2 Pn\/Dp Firmware	All versions
Siemens	Simatic S7-400 Pn\/Dp Cpu Firmware	All versions
Siemens	Simatic Winac Rtx \(F\) 2010	All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdfVendor Advisory

Timeline

Published: Feb 11, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-13940?

How severe is CVE-2019-13940?

CVE-2019-13940 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.66% probability of exploitation in the next 30 days.

How do I fix CVE-2019-13940?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-13940?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST