ID

VAR-201904-1022


CVE

CVE-2019-10953


TITLE

Programmable Logic Controller Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-003487

DESCRIPTION

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found that some controllers are susceptible to a denial-of-service attack caused by a flood of network packets. The programmable logic controllers contain a resource exhaustion vulnerability that may result in a denial-of-service (DoS) condition. ABB/Phoenix Contact/Schneider Electric/Siemens/WAGO PLCs are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Many PLC products contain resource management error vulnerabilities, which originate from improper management of system resources (such as memory, disk space, files, etc.) by the network system or products.

Trust: 2.07

sources: NVD: CVE-2019-10953 // JVNDB: JVNDB-2019-003487 // BID: 108413 // VULHUB: VHN-142551 // VULMON: CVE-2019-10953

AFFECTED PRODUCTS

vendor: wago | model: pfc100 | scope: eq | version: -

Trust: 1.0

vendor: schneider electric | model: modicon m221 | scope: lt | version: 1.10.0.0

Trust: 1.0

vendor: siemens | model: 6ed1052-1cc01-0ba8 | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: 6es7314-6eh04-0ab0 | scope: eq | version: -

Trust: 1.0

vendor: abb | model: pm554-tp-eth | scope: eq | version: -

Trust: 1.0

vendor: siemens | model: 6es7211-1ae40-0xb0 | scope: eq | version: -

Trust: 1.0

vendor: wago | model: ethernet | scope: eq | version: -

Trust: 1.0

vendor: wago | model: bacnet/ip | scope: eq | version: -

Trust: 1.0

vendor: wago | model: knx ip | scope: eq | version: -

Trust: 1.0

vendor: phoenixcontact | model: ilc 151 eth | scope: eq | version: -

Trust: 1.0

vendor: abb | model: pm554-tp-eth | scope: - | version: -

Trust: 0.8

vendor: phoenix contact | model: ilc 151 eth | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: modicon m221 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: 6ed1052-1cc01-0ba8 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: 6es7211-1ae40-0xb0 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: 6es7314-6eh04-0ab0 | scope: - | version: -

Trust: 0.8

vendor: wago | model: bacnet/ip | scope: - | version: -

Trust: 0.8

vendor: wago | model: ethernet | scope: - | version: -

Trust: 0.8

vendor: wago | model: knx ip | scope: - | version: -

Trust: 0.8

vendor: wago | model: pfc100 | scope: - | version: -

Trust: 0.8

vendor: wago | model: controller pfc100 | scope: eq | version: (750-8100)0

Trust: 0.3

vendor: wago | model: controller knx ip | scope: eq | version: (750-889)0

Trust: 0.3

vendor: wago | model: controller ethernet | scope: eq | version: (750-880)0

Trust: 0.3

vendor: wago | model: controller bacnet/ip | scope: eq | version: (750-831)0

Trust: 0.3

vendor: siemens | model: 6es7314-6eh04-0ab0 simatic s7-314 | scope: eq | version: 0

Trust: 0.3

vendor: siemens | model: 6es7211-1ae40-0xb0 simatic s7-1211 | scope: eq | version: 0

Trust: 0.3

vendor: siemens | model: 6ed1052-1cc01-0ba8 logo! | scope: eq | version: 80

Trust: 0.3

vendor: schneider electric | model: modicon m221 | scope: eq | version: 0

Trust: 0.3

vendor: phoenix | model: contact ilc eth | scope: eq | version: 27009741510

Trust: 0.3

vendor: abb | model: 1sap120600r0071 pm554-tp-eth | scope: eq | version: 0

Trust: 0.3

sources: BID: 108413 // JVNDB: JVNDB-2019-003487 // NVD: CVE-2019-10953

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10953
value: HIGH

Trust: 1.0

NVD: CVE-2019-10953
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-770
value: HIGH

Trust: 0.6

VULHUB: VHN-142551
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-10953
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10953
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-142551
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10953
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-10953
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142551 // VULMON: CVE-2019-10953 // JVNDB: JVNDB-2019-003487 // CNNVD: CNNVD-201904-770 // NVD: CVE-2019-10953

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-142551 // JVNDB: JVNDB-2019-003487 // NVD: CVE-2019-10953

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-770

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201904-770

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003487

PATCH

title: PM554-TP-ETH | url: https://new.abb.com/products/1SAP120600R0071/pm554-tp-ethac500-prog-logic-controller

Trust: 0.8

title: Controller - ILC 151 ETH - 2700974 | url: https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2700974&library=usen&pcck=P-08-12-08-07&tab=5&selectedCategory=ALL

Trust: 0.8

title: M221 firmware | url: https://www.schneider-electric.com/en/download/document/M221+Firmware+V1.3/

Trust: 0.8

title: Top Page | url: https://new.siemens.com/global/en.html

Trust: 0.8

title: Top Page | url: https://www.wago.co.jp/

Trust: 0.8

title: CVE-2019-10953 | url: https://github.com/AlAIAL90/CVE-2019-10953

Trust: 0.1

sources: VULMON: CVE-2019-10953 // JVNDB: JVNDB-2019-003487

EXTERNAL IDS

db: ICS CERT | id: ICSA-19-106-03

Trust: 2.9

db: NVD | id: CVE-2019-10953

Trust: 2.9

db: BID | id: 108413

Trust: 2.1

db: JVNDB | id: JVNDB-2019-003487

Trust: 0.8

db: CNNVD | id: CNNVD-201904-770

Trust: 0.7

db: AUSCERT | id: ESB-2019.1312

Trust: 0.6

db: VULHUB | id: VHN-142551

Trust: 0.1

db: VULMON | id: CVE-2019-10953

Trust: 0.1

sources: VULHUB: VHN-142551 // VULMON: CVE-2019-10953 // BID: 108413 // JVNDB: JVNDB-2019-003487 // CNNVD: CNNVD-201904-770 // NVD: CVE-2019-10953

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-106-03

Trust: 3.6

url:http://www.securityfocus.com/bid/108413

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-10953

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10953

Trust: 0.8

url:https://www.auscert.org.au/bulletins/79174

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-19-106-03

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/770.html

Trust: 0.1

url:https://github.com/alaial90/cve-2019-10953

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-142551 // VULMON: CVE-2019-10953 // BID: 108413 // JVNDB: JVNDB-2019-003487 // CNNVD: CNNVD-201904-770 // NVD: CVE-2019-10953

CREDITS

Matthias Niedermaier (Hochschule Augsburg), Jan-Ole Malchow (Freie Universität Berlin), and Florian Fischer (Hochschule Augsburg) reported this vulnerability to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201904-770

SOURCES

db: VULHUB | id: VHN-142551
db: VULMON | id: CVE-2019-10953
db: BID | id: 108413
db: JVNDB | id: JVNDB-2019-003487
db: CNNVD | id: CNNVD-201904-770
db: NVD | id: CVE-2019-10953

LAST UPDATE DATE

2024-11-23T21:59:59.558000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-142551 | date: 2020-10-02T00:00:00
db: VULMON | id: CVE-2019-10953 | date: 2021-08-19T00:00:00
db: BID | id: 108413 | date: 2019-05-16T00:00:00
db: JVNDB | id: JVNDB-2019-003487 | date: 2019-05-17T00:00:00
db: CNNVD | id: CNNVD-201904-770 | date: 2022-03-10T00:00:00
db: NVD | id: CVE-2019-10953 | date: 2024-11-21T04:20:13.450

SOURCES RELEASE DATE

db: VULHUB | id: VHN-142551 | date: 2019-04-17T00:00:00
db: VULMON | id: CVE-2019-10953 | date: 2019-04-17T00:00:00
db: BID | id: 108413 | date: 2019-05-16T00:00:00
db: JVNDB | id: JVNDB-2019-003487 | date: 2019-05-17T00:00:00
db: CNNVD | id: CNNVD-201904-770 | date: 2019-04-16T00:00:00
db: NVD | id: CVE-2019-10953 | date: 2019-04-17T15:29:00.843