ID

VAR-202002-0449


CVE

CVE-2019-13946


TITLE

Resource exhaustion vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2019-014603

DESCRIPTION

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program's failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions)

Trust: 2.43

sources: NVD: CVE-2019-13946 // JVNDB: JVNDB-2019-014603 // CNVD: CNVD-2020-23039 // IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9 // VULMON: CVE-2019-13946

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9 // CNVD: CNVD-2020-23039

AFFECTED PRODUCTS

vendor:siemensmodel:scalance xb-200scope:ltversion:3.0

Trust: 1.6

vendor:siemensmodel:scalance xc-200scope:ltversion:3.0

Trust: 1.6

vendor:siemensmodel:scalance xp-200scope:ltversion:3.0

Trust: 1.6

vendor:siemensmodel:scalance xf-200bascope:ltversion:3.0

Trust: 1.6

vendor:siemensmodel:scalance xr-300wgscope:ltversion:3.0

Trust: 1.6

vendor:siemensmodel:sinamics dcpscope:ltversion:1.3

Trust: 1.6

vendor:siemensmodel:ruggedcom rm1224scope:ltversion:4.3

Trust: 1.6

vendor:siemensmodel:simatic et200mp im155-5 pn hfscope:ltversion:4.2.0

Trust: 1.6

vendor:siemensmodel:simatic et200mp im155-5 pn stscope:ltversion:4.1.0

Trust: 1.6

vendor:siemensmodel:simatic et200sp im155-6 pn hfscope:ltversion:3.3.1

Trust: 1.6

vendor:siemensmodel:simatic et200sp im155-6 pn stscope:ltversion:4.1.0

Trust: 1.6

vendor:siemensmodel:scalance xb-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic mv440scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic ipc supportscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic rf600scope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:im 154-4 pn hfscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance m-800scope:ltversion:4.3

Trust: 1.0

vendor:siemensmodel:simatic et200m im153-4 pn io stscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 343-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200ecopnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic mv420scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-200irtscope:ltversion:5.3

Trust: 1.0

vendor:siemensmodel:simatic rf180cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200al im 157-1 pnscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance w700 ieee 802.11nscope:lteversion:6.0.1

Trust: 1.0

vendor:siemensmodel:scalance x-400scope:ltversion:6.0

Trust: 1.0

vendor:siemensmodel:scalance xr528scope:ltversion:6.0

Trust: 1.0

vendor:siemensmodel:simatic cp 443-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xm-400scope:ltversion:6.0

Trust: 1.0

vendor:siemensmodel:simatic cp 1616scope:ltversion:2.8

Trust: 1.0

vendor:siemensmodel:scalance xc-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-300scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr524scope:ltversion:6.0

Trust: 1.0

vendor:siemensmodel:simatic et200sp im155-6 pn basicscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:profinet driverscope:ltversion:2.1

Trust: 1.0

vendor:siemensmodel:ek-ertec 200pscope:ltversion:4.6

Trust: 1.0

vendor:siemensmodel:scalance xp-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 343-1 advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 343-1 erpcscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr552scope:ltversion:6.0

Trust: 1.0

vendor:siemensmodel:simatic et200proscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 343-1 leanscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 443-1 advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200sscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr526scope:ltversion:6.0

Trust: 1.0

vendor:siemensmodel:simatic cp 443-1 opc uascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:im 154-3 pn hfscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic pn\/pn couplerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 1604scope:ltversion:2.8

Trust: 1.0

vendor:siemensmodel:scalance xf-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ek-ertec 200scope:ltversion:4.5

Trust: 1.0

vendor:siemensmodel:scalance s615scope:ltversion:4.3

Trust: 1.0

vendor:siemensmodel:simatic rf182cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:dk standard ethernet controllerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200m im153-4 pn io hfscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:dk standard ethernet controllerscope: - version: -

Trust: 0.8

vendor:siemensmodel:ek-ertec 200scope: - version: -

Trust: 0.8

vendor:siemensmodel:ek-ertec 200p pscope: - version: -

Trust: 0.8

vendor:siemensmodel:profinet driverscope: - version: -

Trust: 0.8

vendor:siemensmodel:ruggedcom rm1224scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance m-800scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance s615scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance w700 ieee 802.11nscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xc-200scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic ipc supportscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp leanscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:simatic cp advancedscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:simatic rf182cscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic pn/pn coupler 6es7158-3ad01-0xa0scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:1616<2.8

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:1604<2.8

Trust: 0.6

vendor:siemensmodel:simatic cp advancedscope:eqversion:443-1

Trust: 0.6

vendor:siemensmodel:development/evaluation kits for profinet io dk standard ethernet controllerscope: - version: -

Trust: 0.6

vendor:siemensmodel:development/evaluation kits for profinet io ek-ertecscope:eqversion:200<4.5

Trust: 0.6

vendor:siemensmodel:development/evaluation kits for profinet io ek-ertec 200pscope:ltversion:4.6

Trust: 0.6

vendor:siemensmodel:profinet driver for controllerscope:ltversion:2.1

Trust: 0.6

vendor:siemensmodel:scalance m-800/s615scope:ltversion:4.3

Trust: 0.6

vendor:siemensmodel:scalance w700 ieee 802.11nscope:lteversion:<=6.0.1

Trust: 0.6

vendor:siemensmodel:scalance switchscope:eqversion:x-200

Trust: 0.6

vendor:siemensmodel:scalance x-200irt switchscope:ltversion:5.3

Trust: 0.6

vendor:siemensmodel:scalance switchscope:eqversion:x-300

Trust: 0.6

vendor:siemensmodel:scalance xm-400 switchscope:ltversion:6.0

Trust: 0.6

vendor:siemensmodel:scalance xr-500 switchscope:ltversion:6.0

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:simatic cp erpcscope:eqversion:343-1

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:443-1

Trust: 0.6

vendor:siemensmodel:simatic cp opc uascope:eqversion:443-1

Trust: 0.6

vendor:siemensmodel:simatic et200al im pnscope:eqversion:157-1

Trust: 0.6

vendor:siemensmodel:simatic et200m im153-4 pn io hfscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200m im153-4 pn io stscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200sscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200sp im155-6 pn basicscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200ecopnscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic ipc support,package for vxworksscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200pro,im pn hfscope:eqversion:154-3

Trust: 0.6

vendor:siemensmodel:simatic et200pro,im pn hfscope:eqversion:154-4

Trust: 0.6

vendor:siemensmodel:simatic mv400scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf180cscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic rf600scope:ltversion:3

Trust: 0.6

vendor:scalance xp 200model: - scope:eqversion:*

Trust: 0.4

vendor:scalance xb 200model: - scope:eqversion:*

Trust: 0.4

vendor:scalance xr 300wgmodel: - scope:eqversion:*

Trust: 0.4

vendor:scalance xc 200model: - scope:eqversion:*

Trust: 0.4

vendor:dk standard ethernet controllermodel: - scope:eqversion:*

Trust: 0.2

vendor:profinet drivermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic ipc supportmodel: - scope:eqversion: -

Trust: 0.2

vendor:scalance x 200irtmodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance x 200irt promodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance x 300model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xr 300model: - scope:eqversion:*

Trust: 0.2

vendor:ek ertec 200model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xf 200bamodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance x 400model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xm 400model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xr524model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xr526model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xr528model: - scope:eqversion:*

Trust: 0.2

vendor:scalance xr552model: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 1616model: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 1604model: - scope:eqversion:*

Trust: 0.2

vendor:ek ertec 200pmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 343 1model: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 343 1 advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 343 1 erpcmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 343 1 leanmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 443 1model: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 443 1 advancedmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic cp 443 1 opc uamodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200al im 157 1 pnmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200m im153 4 pn io hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200m im153 4 pn io stmodel: - scope:eqversion:*

Trust: 0.2

vendor:ruggedcom rm1224model: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200mp im155 5 pn hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200mp im155 5 pn stmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200smodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200sp im155 6 pn basicmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200sp im155 6 pn hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200sp im155 6 pn stmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200ecopnmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic et200promodel: - scope:eqversion:*

Trust: 0.2

vendor:im 154 3 pn hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:im 154 4 pn hfmodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance m 800model: - scope:eqversion:*

Trust: 0.2

vendor:simatic mv440model: - scope:eqversion:*

Trust: 0.2

vendor:simatic mv420model: - scope:eqversion:*

Trust: 0.2

vendor:simatic pn pn couplermodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf180cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf182cmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic rf600model: - scope:eqversion:*

Trust: 0.2

vendor:sinamics dcpmodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance s615model: - scope:eqversion:*

Trust: 0.2

vendor:scalance w700 ieee 802 11nmodel: - scope:eqversion:*

Trust: 0.2

vendor:scalance xf 200model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9 // CNVD: CNVD-2020-23039 // JVNDB: JVNDB-2019-014603 // NVD: CVE-2019-13946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13946
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2019-13946
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-014603
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-23039
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-455
value: HIGH

Trust: 0.6

IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9
value: HIGH

Trust: 0.2

VULMON: CVE-2019-13946
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13946
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014603
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-23039
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-13946
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-014603
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9 // CNVD: CNVD-2020-23039 // VULMON: CVE-2019-13946 // JVNDB: JVNDB-2019-014603 // CNNVD: CNNVD-202002-455 // NVD: CVE-2019-13946 // NVD: CVE-2019-13946

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2019-014603 // NVD: CVE-2019-13946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-455

TYPE

Resource management error

Trust: 0.8

sources: IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9 // CNNVD: CNNVD-202002-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014603

PATCH

title:SSA-780073url:https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf

Trust: 0.8

title:Patch for Multiple Siemens product resource management error vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/214023

Trust: 0.6

title:Multiple Siemens Product resource management error vulnerability fixesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=108751

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=8b423421a5be04457be73209a34b15cb

Trust: 0.1

sources: CNVD: CNVD-2020-23039 // VULMON: CVE-2019-13946 // JVNDB: JVNDB-2019-014603 // CNNVD: CNNVD-202002-455

EXTERNAL IDS

db:NVDid:CVE-2019-13946

Trust: 3.3

db:SIEMENSid:SSA-780073

Trust: 1.7

db:ICS CERTid:ICSA-20-042-04

Trust: 1.5

db:ICS CERTid:ICSA-20-042-05

Trust: 1.2

db:CNVDid:CNVD-2020-23039

Trust: 0.8

db:CNNVDid:CNNVD-202002-455

Trust: 0.8

db:JVNDBid:JVNDB-2019-014603

Trust: 0.8

db:ICS CERTid:ICSA-20-042-08

Trust: 0.6

db:ICS CERTid:ICSA-20-042-07

Trust: 0.6

db:ICS CERTid:ICSA-20-042-03

Trust: 0.6

db:ICS CERTid:ICSA-20-042-09

Trust: 0.6

db:ICS CERTid:ICSA-20-042-02

Trust: 0.6

db:ICS CERTid:ICSA-20-042-06

Trust: 0.6

db:ICS CERTid:ICSA-20-042-01

Trust: 0.6

db:ICS CERTid:ICSA-20-042-10

Trust: 0.6

db:AUSCERTid:ESB-2020.0486

Trust: 0.6

db:AUSCERTid:ESB-2020.0486.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0486.3

Trust: 0.6

db:IVDid:1044E3A5-DC26-4D11-BF22-4B3EB64F5CC9

Trust: 0.2

db:VULMONid:CVE-2019-13946

Trust: 0.1

sources: IVD: 1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9 // CNVD: CNVD-2020-23039 // VULMON: CVE-2019-13946 // JVNDB: JVNDB-2019-014603 // CNNVD: CNNVD-202002-455 // NVD: CVE-2019-13946

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-04

Trust: 2.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-13946

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-05

Trust: 1.2

url:https://cert-portal.siemens.com/productcert/html/ssa-780073.html

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13946

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-10

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-09

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-08

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-07

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-06

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-03

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-02

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-042-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0486/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0486.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0486.3/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-042-04

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-20-042-04

Trust: 0.1

sources: CNVD: CNVD-2020-23039 // VULMON: CVE-2019-13946 // JVNDB: JVNDB-2019-014603 // CNNVD: CNNVD-202002-455 // NVD: CVE-2019-13946

CREDITS

Yuval Ardon and Matan Dobrushin of OTORIO reported this vulnerability to CISA and Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202002-455

SOURCES

db:IVDid:1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9
db:CNVDid:CNVD-2020-23039
db:VULMONid:CVE-2019-13946
db:JVNDBid:JVNDB-2019-014603
db:CNNVDid:CNNVD-202002-455
db:NVDid:CVE-2019-13946

LAST UPDATE DATE

2024-08-14T13:07:26.862000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-23039date:2020-04-16T00:00:00
db:VULMONid:CVE-2019-13946date:2022-04-12T00:00:00
db:JVNDBid:JVNDB-2019-014603date:2020-03-11T00:00:00
db:CNNVDid:CNNVD-202002-455date:2023-04-12T00:00:00
db:NVDid:CVE-2019-13946date:2024-07-09T12:15:04.920

SOURCES RELEASE DATE

db:IVDid:1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9date:2020-02-11T00:00:00
db:CNVDid:CNVD-2020-23039date:2020-04-16T00:00:00
db:VULMONid:CVE-2019-13946date:2020-02-11T00:00:00
db:JVNDBid:JVNDB-2019-014603date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202002-455date:2020-02-11T00:00:00
db:NVDid:CVE-2019-13946date:2020-02-11T16:15:15.023