ID

VAR-202004-0713


CVE

CVE-2019-19301


TITLE

Resource exhaustion vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2019-015237

DESCRIPTION

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE X-200, SCALANCE X-200IRT and SCALANCE X-300 are all industrial switch products. Many Siemens products have resource management error vulnerabilities, which can be exploited by attackers to cause denial of service. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions)

Trust: 2.7

sources: NVD: CVE-2019-19301 // JVNDB: JVNDB-2019-015237 // CNVD: CNVD-2020-23036 // IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb // IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59 // IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb // IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59 // IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce // CNVD: CNVD-2020-23036

AFFECTED PRODUCTS

vendor:siemensmodel:scalance x-200irtscope: - version: -

Trust: 1.4

vendor:siemensmodel:scalance xc-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 443-1 advancedscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-300scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-200irtscope:ltversion:5.5.0

Trust: 1.0

vendor:siemensmodel:scalance xp-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-200irt proscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xb-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr-300scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic rf180cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xf-200scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic rf182cscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic cp 443-1scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance xr-300wgscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance x-200irt proscope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance x-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xb-200scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xc-200scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xf-200scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xp-200scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xr-300scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance xr-300wgscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 443-1scope: - version: -

Trust: 0.8

vendor:scalance xc 200model: - scope:eqversion:*

Trust: 0.6

vendor:simatic cp 443 1model: - scope:eqversion:*

Trust: 0.6

vendor:simatic cp 443 1 advancedmodel: - scope:eqversion:*

Trust: 0.6

vendor:simatic rf180cmodel: - scope:eqversion:*

Trust: 0.6

vendor:simatic rf182cmodel: - scope:eqversion:*

Trust: 0.6

vendor:scalance xf 200model: - scope:eqversion:*

Trust: 0.6

vendor:scalance xp 200model: - scope:eqversion:*

Trust: 0.6

vendor:scalance xb 200model: - scope:eqversion:*

Trust: 0.6

vendor:scalance x 200irtmodel: - scope:eqversion:*

Trust: 0.6

vendor:scalance x 200irt promodel: - scope:eqversion:*

Trust: 0.6

vendor:scalance xr 300wgmodel: - scope:eqversion:*

Trust: 0.6

vendor:scalance x 300model: - scope:eqversion:*

Trust: 0.6

vendor:scalance xr 300model: - scope:eqversion:*

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x-300

Trust: 0.6

vendor:siemensmodel:simatic rf182cscope: - version: -

Trust: 0.6

vendor:siemensmodel:scalancescope:eqversion:x-200

Trust: 0.6

vendor:siemensmodel:simatic cp advancedscope:eqversion:443-1

Trust: 0.6

vendor:siemensmodel:simatic cpscope:eqversion:443-1

Trust: 0.6

vendor:siemensmodel:simatic rf180cscope: - version: -

Trust: 0.6

sources: IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb // IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59 // IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce // CNVD: CNVD-2020-23036 // JVNDB: JVNDB-2019-015237 // NVD: CVE-2019-19301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19301
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2019-19301
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015237
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-23036
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-800
value: HIGH

Trust: 0.6

IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb
value: HIGH

Trust: 0.2

IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59
value: HIGH

Trust: 0.2

IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2019-19301
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015237
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-23036
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-19301
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2019-015237
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb // IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59 // IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce // CNVD: CNVD-2020-23036 // JVNDB: JVNDB-2019-015237 // CNNVD: CNNVD-202004-800 // NVD: CVE-2019-19301 // NVD: CVE-2019-19301

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.8

problemtype:NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2019-015237 // NVD: CVE-2019-19301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-800

TYPE

Resource management error

Trust: 1.2

sources: IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb // IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59 // IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce // CNNVD: CNNVD-202004-800

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015237

PATCH

title:SSA-102233url:https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf

Trust: 0.8

title:Siemens SCALANCE X-200IRT Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=193682

Trust: 0.6

sources: JVNDB: JVNDB-2019-015237 // CNNVD: CNNVD-202004-800

EXTERNAL IDS

db:NVDid:CVE-2019-19301

Trust: 3.6

db:ICS CERTid:ICSA-20-105-07

Trust: 2.0

db:SIEMENSid:SSA-102233

Trust: 1.6

db:CNVDid:CNVD-2020-23036

Trust: 1.2

db:CNNVDid:CNNVD-202004-800

Trust: 1.2

db:JVNid:JVNVU95499848

Trust: 0.8

db:JVNDBid:JVNDB-2019-015237

Trust: 0.8

db:AUSCERTid:ESB-2020.1344

Trust: 0.6

db:IVDid:B9FA949F-A798-488A-AAF8-2C06BA051BFB

Trust: 0.2

db:IVDid:B2CB9F9F-6364-48F2-A154-9D2C9D2FBB59

Trust: 0.2

db:IVDid:BAE9F8D6-AF70-4836-A69A-44064F8F23CE

Trust: 0.2

sources: IVD: b9fa949f-a798-488a-aaf8-2c06ba051bfb // IVD: b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59 // IVD: bae9f8d6-af70-4836-a69a-44064f8f23ce // CNVD: CNVD-2020-23036 // JVNDB: JVNDB-2019-015237 // CNNVD: CNNVD-202004-800 // NVD: CVE-2019-19301

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-20-105-07

Trust: 2.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-19301

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19301

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95499848/index.html

Trust: 0.8

url:https://vigilance.fr/vulnerability/simatic-denial-of-service-via-vxworks-segmentsmack-32023

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-105-07

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1344/

Trust: 0.6

sources: CNVD: CNVD-2020-23036 // JVNDB: JVNDB-2019-015237 // CNNVD: CNNVD-202004-800 // NVD: CVE-2019-19301

CREDITS

Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:

Trust: 0.6

sources: CNNVD: CNNVD-202004-800

SOURCES

db:IVDid:b9fa949f-a798-488a-aaf8-2c06ba051bfb
db:IVDid:b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59
db:IVDid:bae9f8d6-af70-4836-a69a-44064f8f23ce
db:CNVDid:CNVD-2020-23036
db:JVNDBid:JVNDB-2019-015237
db:CNNVDid:CNNVD-202004-800
db:NVDid:CVE-2019-19301

LAST UPDATE DATE

2024-08-14T13:54:42.797000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-23036date:2020-04-16T00:00:00
db:JVNDBid:JVNDB-2019-015237date:2020-04-21T00:00:00
db:CNNVDid:CNNVD-202004-800date:2023-04-12T00:00:00
db:NVDid:CVE-2019-19301date:2023-04-11T10:15:08.973

SOURCES RELEASE DATE

db:IVDid:b9fa949f-a798-488a-aaf8-2c06ba051bfbdate:2020-04-14T00:00:00
db:IVDid:b2cb9f9f-6364-48f2-a154-9d2c9d2fbb59date:2020-04-14T00:00:00
db:IVDid:bae9f8d6-af70-4836-a69a-44064f8f23cedate:2020-04-14T00:00:00
db:CNVDid:CNVD-2020-23036date:2020-04-16T00:00:00
db:JVNDBid:JVNDB-2019-015237date:2020-04-20T00:00:00
db:CNNVDid:CNNVD-202004-800date:2020-04-14T00:00:00
db:NVDid:CVE-2019-19301date:2020-04-14T20:15:14.967