CVE-2019-13945
CVE-2019-13945 is a medium-severity vulnerability in Siemens Simatic S7-1200 Firmware with a CVSS 3.x base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-749.
Key facts
- Severity: Medium (CVSS 3.x base score 6.8)
- CVSS v2: 4.6
- EPSS exploit prediction: 1% (41st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-749
- Affected product: Siemens Simatic S7-1200 Firmware
- Published:
- Last modified:
Description
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.
Frequently asked questions
- What is CVE-2019-13945?
- A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.
- How severe is CVE-2019-13945?
- CVE-2019-13945 has a CVSS 3.x base score of 6.8, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2019-13945 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (41st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2019-13945?
- CVE-2019-13945 primarily affects Siemens Simatic S7-1200 Firmware. In total, 16 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2019-13945?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2019-13945 published?
- CVE-2019-13945 was published on 2019-12-12 and last updated on 2026-06-17.
References
Affected products (16)
- cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:s7-200_smart_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st30_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st40_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_st60_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_sr20_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_sr30_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_sr40_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_sr60_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_cr40_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_cr60_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_cr20s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_cr30s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_cr40s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-200_smart_cpu_cr60s_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Siemens Simatic S7-1200 Firmware
- CVE-2013-2780 — High (CVSS 7.8): Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition…
- CVE-2013-0700 — High (CVSS 7.8): Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition…
- CVE-2020-28400 — High (CVSS 7.5): Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service…
- CVE-2018-13815 — High (CVSS 7.5): A vulnerability has been identified in SIMATIC S7-1200 (All versions), SIMATIC S7-1500 (All Versions < V2.6). An…
- CVE-2017-12741 — High (CVSS 7.5): Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be…
- CVE-2017-2681 — Medium (CVSS 6.5): Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a…
All CVEs affecting Siemens Simatic S7-1200 Firmware →
Other CWE-749 vulnerabilities
- CVE-2023-40151 — Critical (CVSS 10.0): When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK…
- CVE-2026-55454 — Critical (CVSS 9.9): Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy…
- CVE-2026-30957 — Critical (CVSS 9.9): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors…
- CVE-2026-30921 — Critical (CVSS 9.9): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors…
- CVE-2019-18342 — Critical (CVSS 9.9): A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default…
- CVE-2025-59403 — Critical (CVSS 9.8): The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks…