CVE-2019-19282: 
Siemens SIMATIC WinCC vulnerability analysis and mitigation

A vulnerability (CVE-2019-19282) has been identified in multiple versions of Siemens industrial software products including OpenPCS 7, SIMATIC BATCH, SIMATIC NET PC Software, SIMATIC PCS 7, SIMATIC Route Control, and SIMATIC WinCC. The vulnerability was discovered in 2019 and affects encrypted communications in these systems (MITRE CVE).

When encrypted communication is enabled, the vulnerability allows an attacker with network access to compromise system availability through specially crafted messages. The attack requires no system privileges or user interaction to be successful (NVD).

The successful exploitation of this vulnerability can result in a Denial-of-Service (DoS) condition, affecting the availability of the targeted system (MITRE CVE).

Siemens has released updates for the affected products. The fixed versions include: OpenPCS 7 V9.0 Upd3, SIMATIC BATCH V8.2 Upd12, SIMATIC BATCH V9.0 SP1 Upd5, SIMATIC NET PC Software V14 SP1 Update 14, SIMATIC NET PC Software V16 Update 1, SIMATIC PCS 7 V9.0 SP3, SIMATIC Route Control V9.0 Upd4, SIMATIC WinCC V7.4 SP1 Update 14, and SIMATIC WinCC V7.5 SP1 Update 1 (Siemens Advisory).