CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
CVE-2019-0059 (GCVE-0-2019-0059)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-17 02:27
VLAI
Title
Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host.
Summary
A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption (3.2)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10957 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
18.1X75 all versions
Unaffected: 18.2X75-D5 Affected: 18.1 , < 18.1R2-S4, 18.1R3-S1 (custom) |
Date Public
2019-10-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "affected",
"version": "18.1X75 all versions"
},
{
"status": "unaffected",
"version": "18.2X75-D5"
},
{
"lessThan": "18.1R2-S4, 18.1R3-S1",
"status": "affected",
"version": "18.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The minimal configuration required is for BGP to be enabled on the device."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption (3.2)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA10957"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S1, 18.2X75-D5, 18.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10957",
"defect": [
"1356763"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0059",
"STATE": "PUBLIC",
"TITLE": "Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R2-S4, 18.1R3-S1"
},
{
"version_affected": "=",
"version_name": "18.1X75",
"version_value": "all versions"
},
{
"version_affected": "!",
"version_name": "18.2X75",
"version_value": "18.2X75-D5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The minimal configuration required is for BGP to be enabled on the device."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable device. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R2-S4, 18.1R3-S1; 18.1X75 all versions. Versions before 18.1R1 are not affected."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption (3.2)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10957",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA10957"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.1R2-S4, 18.1R3-S1, 18.2X75-D5, 18.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA10957",
"defect": [
"1356763"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0059",
"datePublished": "2019-10-09T19:26:17.536Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:27:50.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1010266 (GCVE-0-2019-1010266)
Vulnerability from cvelistv5 – Published: 2019-07-17 20:25 – Updated: 2024-08-05 03:07
VLAI
Summary
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-LODASH-73639 | x_refsource_MISC |
| https://github.com/lodash/lodash/issues/3359 | x_refsource_MISC |
| https://github.com/lodash/lodash/wiki/Changelog | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2019091… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:07:18.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-73639"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lodash/lodash/issues/3359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lodash/lodash/wiki/Changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "lodash",
"vendor": "lodash",
"versions": [
{
"status": "affected",
"version": "\u003c4.17.11 [fixed: 4.7.11]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-19T16:06:08.000Z",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-73639"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lodash/lodash/issues/3359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lodash/lodash/wiki/Changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lodash",
"version": {
"version_data": [
{
"version_value": "\u003c4.17.11 [fixed: 4.7.11]"
}
]
}
}
]
},
"vendor_name": "lodash"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-LODASH-73639",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-LODASH-73639"
},
{
"name": "https://github.com/lodash/lodash/issues/3359",
"refsource": "MISC",
"url": "https://github.com/lodash/lodash/issues/3359"
},
{
"name": "https://github.com/lodash/lodash/wiki/Changelog",
"refsource": "CONFIRM",
"url": "https://github.com/lodash/lodash/wiki/Changelog"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1010266",
"datePublished": "2019-07-17T20:25:30.000Z",
"dateReserved": "2019-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:07:18.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10162 (GCVE-0-2019-10162)
Vulnerability from cvelistv5 – Published: 2019-07-30 22:15 – Updated: 2024-08-04 22:10
VLAI
Summary
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.
Severity
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://blog.powerdns.com/2019/06/21/powerdns-aut… | x_refsource_CONFIRM |
| https://doc.powerdns.com/authoritative/security-a… | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:10.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"name": "openSUSE-SU-2019:1904",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pdns",
"vendor": "PowerDNS",
"versions": [
{
"status": "affected",
"version": "fixed in 4.1.10"
},
{
"status": "affected",
"version": "fixed in 4.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"name": "openSUSE-SU-2019:1904",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "fixed in 4.1.10"
},
{
"version_value": "fixed in 4.0.8"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10162"
},
{
"name": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/",
"refsource": "CONFIRM",
"url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html",
"refsource": "MISC",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html"
},
{
"name": "openSUSE-SU-2019:1904",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
},
{
"name": "openSUSE-SU-2019:1921",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10162",
"datePublished": "2019-07-30T22:15:35.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:10.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10923 (GCVE-0-2019-10923)
Vulnerability from cvelistv5 – Published: 2019-10-10 13:49 – Updated: 2025-02-11 10:26
VLAI
Summary
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
90 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.1 Patch 05"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5.0 Patch 01"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.5.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE X-200IRT family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1604",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CP 1616",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200M (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-3 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-4 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN: IO-Link Master",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200S (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 412-2 PN V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTION",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G110M V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP10 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP10 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.7 HF29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.7 HF29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S110 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF34"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.7 HF29",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF33"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T10:26:23.281Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10923",
"datePublished": "2019-10-10T13:49:24.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2025-02-11T10:26:23.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10936 (GCVE-0-2019-10936)
Vulnerability from cvelistv5 – Published: 2019-10-10 00:00 – Updated: 2024-08-04 22:40
VLAI
Summary
Affected devices improperly handle large amounts of specially crafted UDP packets.
This could allow an unauthenticated remote attacker to trigger a denial of service condition.
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
120 products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dk_standard_ethernet_controller_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ek-ertec_200_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ek-ertec_200_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ek-ertec_200p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ek-ertec_200p_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_cfu_pa:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_cfu_pa",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et200ecopn_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et200ecopn_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et200s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et200s_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200al_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200al_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200m_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200m_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200mp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200mp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200pro_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200pro_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200s_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200s_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_et_200sp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_et_200sp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_hmi_comfort_outdoor_panels",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_pn\\/pn_coupler_6es7158-3ad01-0xa0",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_profinet_driver:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_profinet_driver",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_314_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_315-2_dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_315f-2_dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_315f-2_dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_317-2_dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_317-2_pn\\/dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_317-2_pn\\/dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-300_cpu_319-3_pn\\/dp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-300_cpu_319-3_pn\\/dp_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-400_cpu_412-2_pn:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_cpu_412-2_pn",
"vendor": "siemens",
"versions": [
{
"lessThan": "v7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-400_cpu_414-3_pn\\/dp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_cpu_414-3_pn\\/dp",
"vendor": "siemens",
"versions": [
{
"lessThan": "v7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-400_cpu_416-3_pn\\/dp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_cpu_416-3_pn\\/dp",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "v7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-400_h_v6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_h_v6_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "v6.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-400_pn\\/dp_v6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-400_pn\\/dp_v6_firmware",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_s7-410_cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-410_cpu_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v8.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-1200_cpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-1200_cpu",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-1500_cpu:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-1500_cpu",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_s7-1500_controller:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_s7-1500_controller",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_tdc_cp51m1_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_tdc_cpu555_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_winac_rtx_2010",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2010_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_winac_rtx_\\(f\\)_2010",
"vendor": "siemens",
"versions": [
{
"lessThan": "v2010_sp3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_dcm",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.5_hf1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_dcp",
"vendor": "siemens",
"versions": [
{
"lessThan": "v1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g110m",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.7_sp10_hf5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g120",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.7_sp10_hf5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g130",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_g150",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_gh150",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_gl150",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_gm150",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_s110",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_s120",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_sl150",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_sl150",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.7_hf33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinamics_sm120",
"vendor": "siemens",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinumerik_828d",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8_sp5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinumerik_840d_sl",
"vendor": "siemens",
"versions": [
{
"lessThan": "v4.8_sp6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:siemens:siplus_s7-300_cpu_314:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "siplus_s7-300_cpu_314",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.3.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-10936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T14:36:59.481395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:59:12.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.6 Patch 01"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC CFU PA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200AL IM 157-1 PN",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200M (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-3 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-4 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN HS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN/2 HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP IM 155-6 PN/3 HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200ecoPN: IO-Link Master",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC ET200S (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Outdoor Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC HMI KTP Mobile Panels",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PN/PN Coupler",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PROFINET Driver",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.4.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 412-2 PN V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.0.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CP51M1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC TDC CPU555",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinAC RTX F 2010",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2010 SP3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCM",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5 HF1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS DCP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G110M V4.7 PN Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP10 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 SP10 HF5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G130 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS G150 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GH150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GL150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS GM150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S110 Control Unit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS S150 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.8"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SL150 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.7 HF33"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS SM120 V4.7 Control Unit",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 828D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP5"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK 840D sl",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP6"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET PN/PN Coupler",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.2.1"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.3.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.17"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.0.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:03:55.957Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-473245.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10936",
"datePublished": "2019-10-10T00:00:00.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10942 (GCVE-0-2019-10942)
Vulnerability from cvelistv5 – Published: 2019-08-13 18:55 – Updated: 2024-08-04 22:40
VLAI
Summary
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SCALANCE X-200 switch family (incl. SIPLUS NET variants) |
Affected:
All versions < V5.2.5
|
|
| Siemens | SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) |
Affected:
All versions < V5.5.0
|
|
| Siemens | SCALANCE X204RNA (HSR) |
Affected:
All versions
|
|
| Siemens | SCALANCE X204RNA (PRP) |
Affected:
All versions
|
|
| Siemens | SCALANCE X204RNA EEC (HSR) |
Affected:
All versions
|
|
| Siemens | SCALANCE X204RNA EEC (PRP) |
Affected:
All versions
|
|
| Siemens | SCALANCE X204RNA EEC (PRP/HSR) |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.5"
}
]
},
{
"product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X204RNA (HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SCALANCE X204RNA (PRP)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SCALANCE X204RNA EEC (HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SCALANCE X204RNA EEC (PRP)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SCALANCE X204RNA EEC (PRP/HSR)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T15:16:32.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.5"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X204RNA (HSR)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204RNA (PRP)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204RNA EEC (HSR)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204RNA EEC (PRP)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SCALANCE X204RNA EEC (PRP/HSR)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X204RNA (HSR) (All versions), SCALANCE X204RNA (PRP) (All versions), SCALANCE X204RNA EEC (HSR) (All versions), SCALANCE X204RNA EEC (PRP) (All versions), SCALANCE X204RNA EEC (PRP/HSR) (All versions). The device contains a vulnerability that could allow an attacker to trigger a denial-of-service condition by sending large message packages repeatedly to the telnet service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10942",
"datePublished": "2019-08-13T18:55:57.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10948 (GCVE-0-2019-10948)
Vulnerability from cvelistv5 – Published: 2019-04-30 16:41 – Updated: 2024-08-04 22:40
VLAI
Summary
Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted.
Severity
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION CWE-400
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fujifilm | Fujifilm FCR Capsula X/ Carbon X |
Affected:
CR-IR 357 FCR Carbon X
Affected: CR-IR 357 FCR XC-2 Affected: FCR-IR 357 FCR Capsula X |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fujifilm FCR Capsula X/ Carbon X",
"vendor": "Fujifilm",
"versions": [
{
"status": "affected",
"version": "CR-IR 357 FCR Carbon X"
},
{
"status": "affected",
"version": "CR-IR 357 FCR XC-2"
},
{
"status": "affected",
"version": "FCR-IR 357 FCR Capsula X"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-30T16:41:37.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fujifilm FCR Capsula X/ Carbon X",
"version": {
"version_data": [
{
"version_value": "CR-IR 357 FCR Carbon X"
},
{
"version_value": "CR-IR 357 FCR XC-2"
},
{
"version_value": "FCR-IR 357 FCR Capsula X"
}
]
}
}
]
},
"vendor_name": "Fujifilm"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X are susceptible to a denial-of-service condition as a result of an overflow of TCP packets, which requires the device to be manually rebooted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-113-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10948",
"datePublished": "2019-04-30T16:41:37.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10952 (GCVE-0-2019-10952)
Vulnerability from cvelistv5 – Published: 2019-05-01 19:02 – Updated: 2024-08-04 22:40
VLAI
Title
Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption
Summary
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering
CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.
Severity
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01 | x_refsource_MISC |
| http://www.securityfocus.com/bid/108118 | vdb-entryx_refsource_BID |
| https://rockwellautomation.custhelp.com/app/answe… |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | CompactLogix 5370 L1 controllers |
Affected:
0 , < 20 - 30
(custom)
|
|
| Rockwell Automation | CompactLogix 5370 L2 controllers |
Affected:
0 , < 20 - 30
(custom)
|
|
| Rockwell Automation | CompactLogix 5370 L3 controllers |
Affected:
0 , < 20 - 30
(custom)
|
|
| Rockwell Automation | Compact GuardLogix 5370 controllers |
Affected:
0 , < 20 - 30
(custom)
|
|
| Rockwell Automation | Armor Compact GuardLogix 5370 controllers |
Affected:
0 , < 20 - 30
(custom)
|
Date Public
2019-04-30 14:35
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01"
},
{
"name": "108118",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108118"
},
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CompactLogix 5370 L1 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThan": "20 - 30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CompactLogix 5370 L2 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThan": "20 - 30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CompactLogix 5370 L3 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThan": "20 - 30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact GuardLogix 5370 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThan": "20 - 30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Armor Compact GuardLogix 5370 controllers",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThan": "20 - 30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Younes Dragoni of Nozomi Networks of CyberX reported to CISA."
}
],
"datePublic": "2019-04-30T14:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\nAn attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering \n\nCompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier.\u003c/p\u003e"
}
],
"value": "An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering \n\nCompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-20T16:33:25.067Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01"
},
{
"name": "108118",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108118"
},
{
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003eRockwell Automation strongly encourages users to apply the latest available version of firmware to keep up to date with the latest features, anomaly fixes, and security improvements. Update firmware to version FRN 31.011 that mitigates the associated risk.\u003cbr\u003e\u003cbr\u003eRockwell Automation also recommends the following:\u003cbr\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?Keyword=5370\u0026amp;crumb=112%C2%A0\"\u003e \u003c/a\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFor EtherNet/IP-based vulnerabilities (ID 1-14), block all traffic to and from outside the Manufacturing Zone by blocking or restricting access to Port 2222/TCP/UDP and Port 44818/TCP/UDP using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270/page/1\"\u003e898270\u003c/a\u003e\u0026nbsp;(login required).\u003cul\u003e\u003cli\u003eStratix users can use Device Manager or Studio 5000 Logix Designer to configure access control lists (ACL) to block/restrict ports. See section \u201cAccess Control Lists\u201d in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf\"\u003eStratix Managed Switches User Manual, publication 1783-UM007\u003c/a\u003e, for detailed instructions.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eFor web-based vulnerabilities (ID 15-17), block all traffic from outside the Manufacturing Zone by blocking or restricting access to Port 80/443/TCP.\u003cul\u003e\u003cli\u003eStratix users can use Device Manager or Studio 5000 Logix Designer to configure ACL\u2019s to block/restrict ports. See section \u201cAccess Control Lists\u201d in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf\"\u003eStratix Managed Switches User Manual, publication 1783-UM007\u003c/a\u003e, for detailed instructions.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eUtilize proper network infrastructure controls, such as firewalls, to help ensure that SMTP packets from unauthorized sources are blocked.\u003c/li\u003e\u003cli\u003eConsult the product documentation for specific features, such as a hardware key-switch setting, which may be used to block unauthorized changes, etc.\u003c/li\u003e\u003cli\u003eUse trusted software, software patches, and antivirus/antimalware programs and interact only with trusted websites and attachments.\u003c/li\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article ID \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/494865/page/1\"\u003e494865\u003c/a\u003e\u0026nbsp;(login required).\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor more information please refer to Rockwell\u2019s Security Advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979\"\u003ehttps://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Rockwell Automation strongly encourages users to apply the latest available version of firmware to keep up to date with the latest features, anomaly fixes, and security improvements. Update firmware to version FRN 31.011 that mitigates the associated risk.\n\nRockwell Automation also recommends the following:\n https://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx \n\n * For EtherNet/IP-based vulnerabilities (ID 1-14), block all traffic to and from outside the Manufacturing Zone by blocking or restricting access to Port 2222/TCP/UDP and Port 44818/TCP/UDP using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID 898270 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/898270/page/1 \u00a0(login required). * Stratix users can use Device Manager or Studio 5000 Logix Designer to configure access control lists (ACL) to block/restrict ports. See section \u201cAccess Control Lists\u201d in Stratix Managed Switches User Manual, publication 1783-UM007 http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf , for detailed instructions.\n\n\n\n * For web-based vulnerabilities (ID 15-17), block all traffic from outside the Manufacturing Zone by blocking or restricting access to Port 80/443/TCP. * Stratix users can use Device Manager or Studio 5000 Logix Designer to configure ACL\u2019s to block/restrict ports. See section \u201cAccess Control Lists\u201d in Stratix Managed Switches User Manual, publication 1783-UM007 http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf , for detailed instructions.\n\n\n\n * Utilize proper network infrastructure controls, such as firewalls, to help ensure that SMTP packets from unauthorized sources are blocked.\n * Consult the product documentation for specific features, such as a hardware key-switch setting, which may be used to block unauthorized changes, etc.\n * Use trusted software, software patches, and antivirus/antimalware programs and interact only with trusted websites and attachments.\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. For further information about the risks of unprotected Internet accessible control systems, please see Knowledgebase Article ID 494865 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/494865/page/1 \u00a0(login required).\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.\n\n\nFor more information please refer to Rockwell\u2019s Security Advisory: https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979 https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1075979"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation CompactLogix 5370 Uncontrolled Resource Consumption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers",
"version": {
"version_data": [
{
"version_value": "Versions 20 to 30.014 and earlier"
}
]
}
}
]
},
"vendor_name": "CompactLogix"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 to 30.014 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-120-01"
},
{
"name": "108118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108118"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10952",
"datePublished": "2019-05-01T19:02:42.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10953 (GCVE-0-2019-10953)
Vulnerability from cvelistv5 – Published: 2019-04-17 14:02 – Updated: 2024-08-04 22:40
VLAI
Summary
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
Severity
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION CWE-400
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 | x_refsource_MISC |
| http://www.securityfocus.com/bid/108413 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers |
Affected:
Multiple
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
},
{
"name": "108413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108413"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Multiple"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T15:06:03.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
},
{
"name": "108413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108413"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers",
"version": {
"version_data": [
{
"version_value": "Multiple"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
},
{
"name": "108413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108413"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10953",
"datePublished": "2019-04-17T14:02:15.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10972 (GCVE-0-2019-10972)
Vulnerability from cvelistv5 – Published: 2019-07-25 23:31 – Updated: 2024-08-04 22:40
VLAI
Summary
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.
Severity
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION CWE-400
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-204-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric | Mitsubishi Electric FR Configurator2 |
Affected:
Version 1.16S and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mitsubishi Electric FR Configurator2",
"vendor": "Mitsubishi Electric",
"versions": [
{
"status": "affected",
"version": "Version 1.16S and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-25T23:31:47.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-10972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mitsubishi Electric FR Configurator2",
"version": {
"version_data": [
{
"version_value": "Version 1.16S and prior"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-204-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-10972",
"datePublished": "2019-07-25T23:31:47.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
Mitigation
Phase: Architecture and Design
Description:
- Mitigation of resource exhaustion attacks requires that the target system either:
- The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.
- The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- recognizes the attack and denies that user further access for a given amount of time, or
- uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that protocols have specific limits of scale placed on them.
Mitigation
Phase: Implementation
Description:
- Ensure that all failures in resource allocation place the system into a safe posture.
CAPEC-147: XML Ping of the Death
An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
CAPEC-227: Sustained Client Engagement
An adversary attempts to deny legitimate users access to a resource by continually engaging a specific resource in an attempt to keep the resource tied up as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather it is to repeatedly perform actions or abuse algorithmic flaws such that a given resource is tied up and not available to a legitimate user. By carefully crafting a requests that keep the resource engaged through what is seemingly benign requests, legitimate users are limited or completely denied access to the resource.
CAPEC-492: Regular Expression Exponential Blowup
An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.