ID

VAR-201910-1595


CVE

CVE-2019-10936


TITLE

Multiple Siemens products vulnerable to resource depletion

Trust: 0.8

sources: JVNDB: JVNDB-2019-010605

DESCRIPTION

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Several Siemens products are vulnerable to resource exhaustion. Affected devices may be put into a denial of service (DoS) state.

Siemens SIMATIC CFU PA and the other affected devices are products of Siemens of Germany. Siemens SIMATIC CFU PA is a compact field device. SIMATIC ET 200AL is a distributed I/O system module. SIMATIC ET 200M is a modular I/O system module for control cabinets for high density channel applications.

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions), SIMATIC HMI Comfort Panels 4" - 22" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl. F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions).

The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Siemens SIMATIC S7-1500 CPU and others are Siemens products. SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SINUMERIK 840D sl is an advanced machine tool numerical control system. The following products and versions are affected: Siemens SIMATIC S7-1500 CPU series (including: related ET200 CPUs and SIPLUS variants); SIMATIC S7-1500 Software Controller; SIMATIC TDC CP51M1; SIMATIC TDC CPU555; SINAMICS DCM, etc.

Trust: 2.43

sources: NVD: CVE-2019-10936 // JVNDB: JVNDB-2019-010605 // CNVD: CNVD-2019-36853 // IVD: ea2714fa-253a-4380-82d5-35652a5540fb // VULHUB: VHN-142532

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ea2714fa-253a-4380-82d5-35652a5540fb // CNVD: CNVD-2019-36853

AFFECTED PRODUCTS

vendor:siemensmodel:simatic cfu pascope:ltversion:1.2.0

Trust: 1.6

vendor:siemensmodel:simatic profinet driverscope:ltversion:2.1

Trust: 1.6

vendor:siemensmodel:dk standard ethernet controllerscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic et 200alscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic et 200mscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic et 200sscope: - version: -

Trust: 1.4

vendor:sinumerik 828dmodel: - scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1512cscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:sinamics sl150scope:ltversion:4.7

Trust: 1.0

vendor:siemensmodel:simatic s7-400 dp v7scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort panels 22\"scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics g150scope:eqversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1211cscope:ltversion:4.4.0

Trust: 1.0

vendor:siemensmodel:ek-ertec 200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics g130scope:eqversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn\/2 hfscope:ltversion:4.2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1212cscope:ltversion:4.4.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpuscope:ltversion:4.4.0

Trust: 1.0

vendor:siemensmodel:sinamics gm150scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:sinamics dcpscope:ltversion:1.3

Trust: 1.0

vendor:siemensmodel:simatic s7-1500s cpuscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511cscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic et 200mscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500t cpuscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 314scope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:sinamics dcmscope:ltversion:1.5

Trust: 1.0

vendor:siemensmodel:simatic et 200ecopnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinumerik 828dscope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:sinamics sl150scope:eqversion:4.7

Trust: 1.0

vendor:siemensmodel:sinumerik 840d slscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et 200sscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn hfscope:ltversion:4.2.2

Trust: 1.0

vendor:siemensmodel:simatic hmi ktp mobile panelsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winac rtx \scope:eqversion:2010

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 318-2scope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic et 200mp im 155-5 pn hfscope:ltversion:4.4.0

Trust: 1.0

vendor:siemensmodel:simatic pn\/pn couplerscope:ltversion:4.2.1

Trust: 1.0

vendor:siemensmodel:sinamics g120scope:eqversion:4.7

Trust: 1.0

vendor:siemensmodel:sinamics g110mscope:ltversion:4.7

Trust: 1.0

vendor:siemensmodel:simatic et 200proscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et 200mp im 155-5 pn bascope:ltversion:4.3.0

Trust: 1.0

vendor:siemensmodel:sinamics s120scope:eqversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort panels 4\"scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518scope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:sinamics dcmscope:eqversion:1.5

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 313scope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn hascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics g120scope:ltversion:4.7

Trust: 1.0

vendor:siemensmodel:sinamics sm120scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:simatic et 200alscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1200 cpu 1214cscope:ltversion:4.4.0

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn hsscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et 200mp im 155-5 pn stscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics s120scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn bascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ek-ertec 200pscope:eqversion:4.6

Trust: 1.0

vendor:siemensmodel:dk standard ethernet controllerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics s110scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpuscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 315-2 dpscope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:sinamics s150scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:sinumerik 828dscope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 312 ifmscope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic s7-400 v6scope:ltversion:6.0.9

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn\/3 hfscope:ltversion:4.2.1

Trust: 1.0

vendor:siemensmodel:sinamics g110mscope:eqversion:4.7

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn v7scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics g150scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 316-2 dpscope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic et 200sp im 155-6 pn stscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics g130scope:ltversion:5.2

Trust: 1.0

vendor:siemensmodel:ek-ertec 200pscope:ltversion:4.6

Trust: 1.0

vendor:siemensmodel:simatic s7-400h v6scope:ltversion:6.0.9

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 315scope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:sinamics gl150scope:eqversion:4.8

Trust: 1.0

vendor:siemensmodel:sinamics gm150scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:simatic s7-410 v8scope:ltversion:8.2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpu 314 ifmscope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpuscope:ltversion:3.3.17

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort outdoor panels 15\"scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics gl150scope:ltversion:4.8

Trust: 1.0

vendor:siemensmodel:sinamics s150scope:eqversion:5.2

Trust: 1.0

vendor:siemensmodel:simatic hmi comfort outdoor panels 7\"scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic winac rtx \scope:ltversion:2010

Trust: 1.0

vendor:siemensmodel:ek-ertec 200scope: - version: -

Trust: 0.8

vendor:siemensmodel:ek-ertec 200p pscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cfu pascope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200mp im 155-5 pn bascope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200mp im 155-5 pn hfscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic et 200mp im 155-5 pn stscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-1200 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:ek-ertecscope:eqversion:200

Trust: 0.6

vendor:siemensmodel:ek-ertec 200pscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et 200mp im pn bascope:eqversion:155-5<4.2.3

Trust: 0.6

vendor:siemensmodel:simatic et 200mp im pn hfscope:eqversion:155-5

Trust: 0.6

vendor:siemensmodel:simatic et 200mp im pn stscope:eqversion:155-5

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn bascope:eqversion:155-6

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn hascope:eqversion:155-6

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn hfscope:eqversion:155-6<4.2.2

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn hsscope:eqversion:155-6

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn stscope:eqversion:155-6

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn/2 hfscope:eqversion:155-6<4.2.2

Trust: 0.6

vendor:siemensmodel:simatic et 200sp im pn/3 hfscope:eqversion:155-6<4.2.1

Trust: 0.6

vendor:siemensmodel:simatic et 200ecopnscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et 200proscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic hmi comfort outdoor panels 7" & 15"scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic hmi comfort panels 4" 22"scope:eqversion: -

Trust: 0.6

vendor:siemensmodel:simatic hmi ktp mobile panelsscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic pn/pn couplerscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-300 cpu familyscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-400 pn/dpscope:eqversion:v7

Trust: 0.6

vendor:siemensmodel:simatic s7-400 and belowscope:eqversion:v6

Trust: 0.6

vendor:siemensmodel:simatic s7-400hscope:eqversion:v6<6.0.9

Trust: 0.6

vendor:siemensmodel:simatic s7-410scope:eqversion:v8

Trust: 0.6

vendor:siemensmodel:simatic winac rtxscope:eqversion:2010

Trust: 0.6

vendor:siemensmodel:sinamics dcmscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics dcpscope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics g110m sp10 hf5scope:eqversion:v4.7<v4.7

Trust: 0.6

vendor:siemensmodel:sinamics g120 sp10 hf5scope:eqversion:v4.7<v4.7

Trust: 0.6

vendor:siemensmodel:sinamics g130scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinamics g150scope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics gh150scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinamics gl150scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinamics gm150scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinamics s110scope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics s120scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinamics s150scope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics sl150scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinamics sm120scope:eqversion:v4.7

Trust: 0.6

vendor:siemensmodel:sinumerik 828d sp5scope:ltversion:v4.8

Trust: 0.6

vendor:siemensmodel:sinumerik 840d slscope: - version: -

Trust: 0.6

vendor:dk standard ethernet controllermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200smodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn bamodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn hamodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn hsmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn stmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn 2 hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200sp im 155 6 pn 3 hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200ecopnmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200promodel: - scope:eqversion:*

Trust: 0.2

vendor:ek ertec 200model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi comfort outdoor panels 7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi comfort outdoor panels 15model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi comfort panels 4model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi comfort panels 22model: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi ktp mobile panelsmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic pn pn couplermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic profinet drivermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpumodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1211cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1212cmodel: - scope:eqversion:*

Trust: 0.2

vendor:ek ertec 200pmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1200 cpu 1214cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpumodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500s cpumodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500t cpumodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpu 1518model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpu 1511cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 1500 cpu 1512cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpumodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 312 ifmmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 313model: - scope:eqversion:*

Trust: 0.2

vendor:simatic cfu pamodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 314model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 314 ifmmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 315model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 315 2 dpmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 316 2 dpmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 300 cpu 318 2model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400 pn v7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400 dp v7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400 v6model: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 400h v6model: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200almodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic s7 410 v8model: - scope:eqversion:*

Trust: 0.2

vendor:simatic winac rtx f 2010model: - scope:eqversion: -

Trust: 0.2

vendor:sinamics dcmmodel: - scope:eqversion:*

Trust: 0.2

vendor:sinamics dcmmodel: - scope:eqversion:1.5

Trust: 0.2

vendor:sinamics dcpmodel: - scope:eqversion:*

Trust: 0.2

vendor:sinamics g110mmodel: - scope:eqversion:*

Trust: 0.2

vendor:sinamics g120model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics g130model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics g150model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics gl150model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics gm150model: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200mmodel: - scope:eqversion:*

Trust: 0.2

vendor:sinamics s110model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics s120model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics s150model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics sl150model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics sm120model: - scope:eqversion: -

Trust: 0.2

vendor:sinumerik 828dmodel: - scope:eqversion:*

Trust: 0.2

vendor:sinumerik 840d slmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200mp im 155 5 pn bamodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200mp im 155 5 pn hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et 200mp im 155 5 pn stmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ea2714fa-253a-4380-82d5-35652a5540fb // CNVD: CNVD-2019-36853 // JVNDB: JVNDB-2019-010605 // NVD: CVE-2019-10936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-10936
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2019-10936
value: HIGH

Trust: 1.0

NVD: CVE-2019-10936
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-36853
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-639
value: HIGH

Trust: 0.6

IVD: ea2714fa-253a-4380-82d5-35652a5540fb
value: HIGH

Trust: 0.2

VULHUB: VHN-142532
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-10936
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-36853
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ea2714fa-253a-4380-82d5-35652a5540fb
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-142532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-10936
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2019-10936
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: ea2714fa-253a-4380-82d5-35652a5540fb // CNVD: CNVD-2019-36853 // VULHUB: VHN-142532 // JVNDB: JVNDB-2019-010605 // CNNVD: CNNVD-201910-639 // NVD: CVE-2019-10936 // NVD: CVE-2019-10936

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-142532 // JVNDB: JVNDB-2019-010605 // NVD: CVE-2019-10936

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-639

TYPE

Resource management error

Trust: 0.8

sources: IVD: ea2714fa-253a-4380-82d5-35652a5540fb // CNNVD: CNNVD-201910-639

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010605

PATCH

title: SSA-473245, url: https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf

Trust: 0.8

title: Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-36853), url: https://www.cnvd.org.cn/patchInfo/show/186551

Trust: 0.6

sources: CNVD: CNVD-2019-36853 // JVNDB: JVNDB-2019-010605

EXTERNAL IDS

db:NVDid:CVE-2019-10936

Trust: 3.3

db:SIEMENSid:SSA-473245

Trust: 1.7

db:ICS CERTid:ICSA-19-283-02

Trust: 1.4

db:CNNVDid:CNNVD-201910-639

Trust: 0.9

db:CNVDid:CNVD-2019-36853

Trust: 0.8

db:JVNDBid:JVNDB-2019-010605

Trust: 0.8

db:AUSCERTid:ESB-2019.3813

Trust: 0.6

db:AUSCERTid:ESB-2019.3813.3

Trust: 0.6

db:IVDid:EA2714FA-253A-4380-82D5-35652A5540FB

Trust: 0.2

db:VULHUBid:VHN-142532

Trust: 0.1

sources: IVD: ea2714fa-253a-4380-82d5-35652a5540fb // CNVD: CNVD-2019-36853 // VULHUB: VHN-142532 // JVNDB: JVNDB-2019-010605 // CNNVD: CNNVD-201910-639 // NVD: CVE-2019-10936

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf

Trust: 1.7

url:https://www.us-cert.gov/ics/advisories/icsa-19-283-02

Trust: 1.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-10936

Trust: 1.4

url:https://vigilance.fr/vulnerability/simatic-denial-of-service-via-profinet-udp-packets-30562

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/html/ssa-473245.html

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10936

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.3813/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-283-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3813.3/

Trust: 0.6

sources: CNVD: CNVD-2019-36853 // VULHUB: VHN-142532 // JVNDB: JVNDB-2019-010605 // CNNVD: CNNVD-201910-639 // NVD: CVE-2019-10936

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-201910-639

SOURCES

db: IVD, id: ea2714fa-253a-4380-82d5-35652a5540fb
db: CNVD, id: CNVD-2019-36853
db: VULHUB, id: VHN-142532
db: JVNDB, id: JVNDB-2019-010605
db: CNNVD, id: CNNVD-201910-639
db: NVD, id: CVE-2019-10936

LAST UPDATE DATE

2024-08-14T15:38:42.839000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-36853, date: 2019-10-23T00:00:00
db: VULHUB, id: VHN-142532, date: 2023-01-10T00:00:00
db: JVNDB, id: JVNDB-2019-010605, date: 2019-11-15T00:00:00
db: CNNVD, id: CNNVD-201910-639, date: 2023-05-10T00:00:00
db: NVD, id: CVE-2019-10936, date: 2024-07-09T12:15:04.630

SOURCES RELEASE DATE

db: IVD, id: ea2714fa-253a-4380-82d5-35652a5540fb, date: 2019-10-23T00:00:00
db: CNVD, id: CNVD-2019-36853, date: 2019-10-23T00:00:00
db: VULHUB, id: VHN-142532, date: 2019-10-10T00:00:00
db: JVNDB, id: JVNDB-2019-010605, date: 2019-10-17T00:00:00
db: CNNVD, id: CNNVD-201910-639, date: 2019-10-09T00:00:00
db: NVD, id: CVE-2019-10936, date: 2019-10-10T14:15:14.707