ID

VAR-202004-0712


CVE

CVE-2019-19300


TITLE

Variety Siemens Product resource management error vulnerability ( CNVD-2020-23035 )

Trust: 0.8

sources: IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661

DESCRIPTION

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. are all products of the German Siemens (Siemens) company. SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. SIMATIC S7-1500 is a programmable logic controller. SIMATIC TDC CP51M1 is an industrial Ethernet communication module of the SIMATIC TDC automation system. Many Siemens products have resource management error vulnerabilities, which can be exploited by attackers to cause denial of service. A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. PROFINET (All versions)

Trust: 2.97

sources: NVD: CVE-2019-19300 // JVNDB: JVNDB-2019-015236 // CNVD: CNVD-2020-23035 // IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661 // VULMON: CVE-2019-19300

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661 // CNVD: CNVD-2020-23035

AFFECTED PRODUCTS

vendor:simatic et200sp im155 6 pn 2 hfmodel: - scope:eqversion:*

Trust: 1.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pcscope:ltversion:2.0

Trust: 1.6

vendor:siemensmodel:simatic s7-1500scope:ltversion:2.0

Trust: 1.6

vendor:siemensmodel:simatic et 200sp open controller cpu 1515sp pc2scope:ltversion:2.0

Trust: 1.6

vendor:siemensmodel:ktk ate530sscope: - version: -

Trust: 1.4

vendor:siemensmodel:sidoor atd430wscope: - version: -

Trust: 1.4

vendor:siemensmodel:sidoor ate530s coatedscope: - version: -

Trust: 1.4

vendor:siemensmodel:sidoor ate531sscope: - version: -

Trust: 1.4

vendor:siemensmodel:simatic winac rtx \ 2010scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:ktk ate530sscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518-4 pn\/dpscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511-1 pnscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513-1 pnscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic et200sp im155-6 pn hfscope:lteversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516-3 pn\/dpscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515f-2 pnscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:sidoor atd430wscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1518f-4 pn\/dpscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1511f-1 pnscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic pn\/pn couplerscope:lteversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic s7-410 cpuscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic tdc cpu555scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic tdc cp51m1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sinamics s\/g control unitscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200sp im155-6 pn hascope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1513f-1 pnscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic micro-drive pdcscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:sidoor ate531sscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200sp im155-6 pn\/2 hfscope:lteversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517f-3 pn\/dpscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1517-3 pn\/dpscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:sidoor ate530s coatedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200sp im155-6 mf hfscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-300 cpuscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1515-2 pnscope:ltversion:2.0

Trust: 1.0

vendor:siemensmodel:simatic s7-400 pn\/dpscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic et200mp im155-5 pn hfscope:lteversion:4.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500 cpu 1516f-3 pn\/dpscope:ltversion:2.0

Trust: 1.0

vendor:ktk ate530smodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic et200sp im155 6 pn hfmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic micro drive pdcmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic pn pn couplermodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1511 1 pnmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1513 1 pnmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1515 2 pnmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1516 3 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1517 3 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:sidoor atd430wmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1518 4 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1511f 1 pnmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1513f 1 pnmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1515f 2 pnmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1516f 3 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1517f 3 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500 cpu 1518f 4 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 1500model: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 300 cpumodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 400 pn dpmodel: - scope:eqversion:*

Trust: 0.8

vendor:sidoor ate530s coatedmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic s7 410 cpumodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic tdc cp51m1model: - scope:eqversion:*

Trust: 0.8

vendor:simatic tdc cpu555model: - scope:eqversion:*

Trust: 0.8

vendor:simatic winac rtx f 2010model: - scope:eqversion:*

Trust: 0.8

vendor:sinamics s g control unitmodel: - scope:eqversion:*

Trust: 0.8

vendor:sidoor ate531smodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic et 200sp open controller cpu 1515sp pcmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic et 200sp open controller cpu 1515sp pc2model: - scope:eqversion:*

Trust: 0.8

vendor:simatic et200mp im155 5 pn hfmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic et200sp im155 6 mf hfmodel: - scope:eqversion:*

Trust: 0.8

vendor:simatic et200sp im155 6 pn hamodel: - scope:eqversion:*

Trust: 0.8

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pcscope:eqversion:2.0

Trust: 0.8

vendor:siemensmodel:simatic et 200 sp open controller cpu 1515sp pc2scope:eqversion:2.0

Trust: 0.8

vendor:siemensmodel:simatic et 200mp im 155-5 pn hfscope:eqversion:4.2

Trust: 0.8

vendor:siemensmodel:simatic et200sp im155-6 mf hfscope:eqversion:4.2

Trust: 0.8

vendor:siemensmodel:simatic et200sp im155-6 pn hascope:eqversion:4.2

Trust: 0.8

vendor:siemensmodel:simatic et200sp im155-6 pn hfscope:eqversion:4.2

Trust: 0.8

vendor:siemensmodel:simatic s7-300scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200sp im155-6 mf hfscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200mp im155-5 pn hfscope:gteversion:4.2

Trust: 0.6

vendor:siemensmodel:simatic et200sp im155-6 pn hfscope:gteversion:4.2

Trust: 0.6

vendor:siemensmodel:simatic pn/pn couplerscope:gteversion:4.2

Trust: 0.6

vendor:siemensmodel:simatic s7-1500 software controllerscope:ltversion:2.0

Trust: 0.6

vendor:siemensmodel:simatic s7-410scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic tdc cp51m1scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200sp im155-6 pn hascope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic et200sp im155-6 pn/2 hfscope:gteversion:4.2

Trust: 0.6

vendor:siemensmodel:simatic et200sp im155-6 pn/3 hf.simatic micro-drive pdcscope:gteversion:4.2

Trust: 0.6

vendor:siemensmodel:simatic micro-drive pdcscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic s7-400 pn/dpscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic tdc cpu555scope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic winac rtx 2010scope: - version: -

Trust: 0.6

vendor:siemensmodel:sinamics s/g control unit w. profinetscope: - version: -

Trust: 0.6

sources: IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661 // CNVD: CNVD-2020-23035 // JVNDB: JVNDB-2019-015236 // NVD: CVE-2019-19300

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19300
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2019-19300
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015236
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-23035
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-801
value: HIGH

Trust: 0.6

IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454
value: HIGH

Trust: 0.2

IVD: 53646c4d-c67e-442c-b6e5-e05576895f55
value: HIGH

Trust: 0.2

IVD: b989cd8a-d784-43d6-b848-6040a850cda1
value: HIGH

Trust: 0.2

IVD: 40b4fa3b-5945-486b-8125-8431896d5661
value: HIGH

Trust: 0.2

VULMON: CVE-2019-19300
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19300
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015236
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-23035
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 53646c4d-c67e-442c-b6e5-e05576895f55
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: b989cd8a-d784-43d6-b848-6040a850cda1
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 40b4fa3b-5945-486b-8125-8431896d5661
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-19300
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015236
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661 // CNVD: CNVD-2020-23035 // VULMON: CVE-2019-19300 // JVNDB: JVNDB-2019-015236 // CNNVD: CNNVD-202004-801 // NVD: CVE-2019-19300 // NVD: CVE-2019-19300

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

sources: JVNDB: JVNDB-2019-015236 // NVD: CVE-2019-19300

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-801

TYPE

Resource management error

Trust: 1.4

sources: IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661 // CNNVD: CNNVD-202004-801

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015236

PATCH

title:SSA-593272url:https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf

Trust: 0.8

title:Patch for Multiple Siemens product resource management error vulnerabilities (CNVD-2020-23035)url:https://www.cnvd.org.cn/patchInfo/show/214037

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b6bdf7c5a64c5efcddeb45b5831983cf

Trust: 0.1

sources: CNVD: CNVD-2020-23035 // VULMON: CVE-2019-19300 // JVNDB: JVNDB-2019-015236

EXTERNAL IDS

db:NVDid:CVE-2019-19300

Trust: 3.9

db:ICS CERTid:ICSA-20-105-08

Trust: 2.1

db:SIEMENSid:SSA-593272

Trust: 1.7

db:CNVDid:CNVD-2020-23035

Trust: 1.4

db:CNNVDid:CNNVD-202004-801

Trust: 1.4

db:JVNid:JVNVU95499848

Trust: 0.8

db:JVNDBid:JVNDB-2019-015236

Trust: 0.8

db:AUSCERTid:ESB-2020.1345

Trust: 0.6

db:IVDid:27A9C9BB-8ADF-48D6-B6BD-C1000A913454

Trust: 0.2

db:IVDid:53646C4D-C67E-442C-B6E5-E05576895F55

Trust: 0.2

db:IVDid:B989CD8A-D784-43D6-B848-6040A850CDA1

Trust: 0.2

db:IVDid:40B4FA3B-5945-486B-8125-8431896D5661

Trust: 0.2

db:VULMONid:CVE-2019-19300

Trust: 0.1

sources: IVD: 27a9c9bb-8adf-48d6-b6bd-c1000a913454 // IVD: 53646c4d-c67e-442c-b6e5-e05576895f55 // IVD: b989cd8a-d784-43d6-b848-6040a850cda1 // IVD: 40b4fa3b-5945-486b-8125-8431896d5661 // CNVD: CNVD-2020-23035 // VULMON: CVE-2019-19300 // JVNDB: JVNDB-2019-015236 // CNNVD: CNNVD-202004-801 // NVD: CVE-2019-19300

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-105-08

Trust: 2.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-19300

Trust: 1.4

url:https://cert-portal.siemens.com/productcert/html/ssa-593272.html

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19300

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95499848/index.html

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1345/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-105-08

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-denial-of-service-via-interniche-segmentsmack-32022

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-20-105-08

Trust: 0.1

sources: CNVD: CNVD-2020-23035 // VULMON: CVE-2019-19300 // JVNDB: JVNDB-2019-015236 // CNNVD: CNNVD-202004-801 // NVD: CVE-2019-19300

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202004-801

SOURCES

db:IVDid:27a9c9bb-8adf-48d6-b6bd-c1000a913454
db:IVDid:53646c4d-c67e-442c-b6e5-e05576895f55
db:IVDid:b989cd8a-d784-43d6-b848-6040a850cda1
db:IVDid:40b4fa3b-5945-486b-8125-8431896d5661
db:CNVDid:CNVD-2020-23035
db:VULMONid:CVE-2019-19300
db:JVNDBid:JVNDB-2019-015236
db:CNNVDid:CNNVD-202004-801
db:NVDid:CVE-2019-19300

LAST UPDATE DATE

2024-11-23T22:16:29.831000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-23035date:2020-04-16T00:00:00
db:VULMONid:CVE-2019-19300date:2022-06-14T00:00:00
db:JVNDBid:JVNDB-2019-015236date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202004-801date:2023-02-15T00:00:00
db:NVDid:CVE-2019-19300date:2024-11-21T04:34:31.677

SOURCES RELEASE DATE

db:IVDid:27a9c9bb-8adf-48d6-b6bd-c1000a913454date:2020-04-14T00:00:00
db:IVDid:53646c4d-c67e-442c-b6e5-e05576895f55date:2020-04-14T00:00:00
db:IVDid:b989cd8a-d784-43d6-b848-6040a850cda1date:2020-04-14T00:00:00
db:IVDid:40b4fa3b-5945-486b-8125-8431896d5661date:2020-04-14T00:00:00
db:CNVDid:CNVD-2020-23035date:2020-04-16T00:00:00
db:VULMONid:CVE-2019-19300date:2020-04-14T00:00:00
db:JVNDBid:JVNDB-2019-015236date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202004-801date:2020-04-14T00:00:00
db:NVDid:CVE-2019-19300date:2020-04-14T20:15:14.903