CVE-2019-6575

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.

Published: 2019-04-17 Last update: 2026-06-03 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2019-6575 is rated Moderate Risk (56.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.63%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2019-6575

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.12% 1.63% +0.51%
2 2025-11-26 1.33% 1.12% -0.20%
3 2025-04-20 1.33%

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2019-6575

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 3.6 [email protected]
7.5 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 3.9 3.6 134c704f-9b21-4f2e-91b3-4a467353bcc0
7.8 2.0 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 6.9 [email protected]

Weakness enumeration for CVE-2019-6575

Affected software / configurations for CVE-2019-6575

Vendor Product Version Raw CPE
siemens simatic_cp443-1_opc_ua_firmware cpe:2.3:o:siemens:simatic_cp443-1_opc_ua_firmware:*:*:*:*:*:*:*:*
siemens simatic_et_200_open_controller_cpu_1515sp_pc2_firmware < 2.7 cpe:2.3:o:siemens:simatic_et_200_open_controller_cpu_1515sp_pc2_firmware:*:*:*:*:*:*:*:*
siemens simatic_ipc_diagmonitor_firmware cpe:2.3:o:siemens:simatic_ipc_diagmonitor_firmware:*:*:*:*:*:*:*:*
siemens simatic_net_pc_software_firmware cpe:2.3:o:siemens:simatic_net_pc_software_firmware:*:*:*:*:*:*:*:*
siemens simatic_rf188c_firmware cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*
siemens simatic_rf600r_firmware cpe:2.3:o:siemens:simatic_rf600r_firmware:*:*:*:*:*:*:*:*
siemens simatic_s7-1500_firmware <= 2.5 cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*
siemens opc_unified_architecture cpe:2.3:a:siemens:opc_unified_architecture:*:*:*:*:*:*:*:*
siemens simatic_s7-1500_software_controller <= 2.5 cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*
siemens simatic_wincc_oa < 3.15-p018 cpe:2.3:a:siemens:simatic_wincc_oa:*:*:*:*:*:*:*:*
siemens simatic_wincc_runtime_advanced cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*
siemens simatic_wincc_runtime_comfort cpe:2.3:a:siemens:simatic_wincc_runtime_comfort:*:*:*:*:*:*:*:*
siemens simatic_wincc_runtime_hsp_comfort cpe:2.3:a:siemens:simatic_wincc_runtime_hsp_comfort:*:*:*:*:*:*:*:*
siemens simatic_wincc_runtime_mobile cpe:2.3:a:siemens:simatic_wincc_runtime_mobile:*:*:*:*:*:*:*:*
siemens sinec-nms < 1.0 cpe:2.3:a:siemens:sinec-nms:*:*:*:*:*:*:*:*
siemens sinec-nms 1.0 cpe:2.3:a:siemens:sinec-nms:1.0:-:*:*:*:*:*:*
siemens sinema_server cpe:2.3:a:siemens:sinema_server:*:*:*:*:*:*:*:*
siemens sinumerik_opc_ua_server < 2.1 cpe:2.3:a:siemens:sinumerik_opc_ua_server:*:*:*:*:*:*:*:*
siemens telecontrol_server_basic < 3.1.1 cpe:2.3:a:siemens:telecontrol_server_basic:*:*:*:*:*:*:*:*
siemens simatic_s7-1500f_firmware <= 2.5 cpe:2.3:o:siemens:simatic_s7-1500f_firmware:*:*:*:*:*:*:*:*
siemens simatic_s7-1500s_firmware <= 2.5 cpe:2.3:o:siemens:simatic_s7-1500s_firmware:*:*:*:*:*:*:*:*
siemens simatic_s7-1500t_firmware <= 2.5 cpe:2.3:o:siemens:simatic_s7-1500t_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_comfort_outdoor_panels_firmware < 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_comfort_outdoor_panels_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:-:*:*:*:*:*:*
siemens simatic_hmi_comfort_outdoor_panels_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:upd_1:*:*:*:*:*:*
siemens simatic_hmi_comfort_outdoor_panels_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:upd_2:*:*:*:*:*:*
siemens simatic_hmi_comfort_outdoor_panels_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:15.1:upd_3:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware < 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:-:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:upd_1:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:upd_2:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp400f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:15.1:upd_3:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware < 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:-:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:upd_1:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:upd_2:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:15.1:upd_3:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware < 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:-:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:upd_1:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:upd_2:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:15.1:upd_3:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware < 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:-:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:upd_1:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:upd_2:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp700_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:15.1:upd_3:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware < 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:*:*:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:-:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:upd_1:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:upd_2:*:*:*:*:*:*
siemens simatic_hmi_ktp_mobile_panels_ktp900f_firmware 15.1 cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:15.1:upd_3:*:*:*:*:*:*

References for CVE-2019-6575

cvelogic Threat Intelligence