var-201910-1596
Vulnerability from variot
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs).
A denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic et 200m",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200s",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200ecopn",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pn/pn coupler 6es7158-3ad01-0xa0",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 1.0,
"vendor": "sinumerik 828d",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu 312 ifm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "dk standard ethernet controller",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "simatic s7-400 dp v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g110m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu 314",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 313",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-300 cpu 316-2 dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics gl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gm150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "cp1604",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "sinamics g120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinumerik 828d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics g130",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic s7-300 cpu",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics s120",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "simatic pn\\/pn coupler 6es7158-3ad01-0xa0",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic winac rtx \\",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "sinumerik 840d sl",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ek-ertec 200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "simatic et 200m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-300 cpu 314 ifm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "simatic s7-400 v6",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x-200irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.1"
},
{
"model": "simatic s7-300 cpu 315-2 dp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics dcm",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8"
},
{
"model": "simatic et 200s",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "dk standard ethernet controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "ek-ertec 200p",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "sinamics g110m",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-300 cpu 315",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinamics gh150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "sinumerik 828d",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simotion",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic winac rtx \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic et 200ecopn",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ek-ertec 200",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.5.0"
},
{
"model": "sinamics dcp",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.3"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-400 pn v7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics s110",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinamics g120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics sl150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics g130",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics s120",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "sinamics dcm",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "simatic s7-300 cpu 318-2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.3.17"
},
{
"model": "cp1604",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "cp1616",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "dk standard ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "ek-ertec 200p p",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x-200irt",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic et 200pro",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics dcp",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 840d sl",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp1604",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "cp1616",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.8"
},
{
"model": "dk standard ethernet controller patch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.1.105"
},
{
"model": "ek-ertec 200p patch",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.5.001"
},
{
"model": "ek-ertec 200p",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.5.0"
},
{
"model": "scalance x-200irt",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.2.1"
},
{
"model": "simatic s7-300 cpu family",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic s7-400 and below",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v6"
},
{
"model": "simatic winac rtx",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic s7-400 pn/dp",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7"
},
{
"model": "sinamics dcm hf1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.5"
},
{
"model": "sinumerik 828d sp5",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinamics g110m sp10 hf5",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g120 sp10 hf5",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g130 hf29",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics g150",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinamics gh150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics gl150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics gm150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics s110",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinamics s120 hf34",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7\u003cv4.7"
},
{
"model": "sinamics s150",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.8"
},
{
"model": "sinamics sl150",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": "sinamics sm120",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "dk standard ethernet controller",
"version": "4.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1604",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pn pn coupler 6es7158 3ad01 0xa0",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 312 ifm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 313",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 314",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 314 ifm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 315",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 315 2 dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 316 2 dp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 300 cpu 318 2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp1616",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 v6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 pn v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic s7 400 dp v7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simotion",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcm",
"version": "1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics dcp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g110m",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g120",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g130",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dk standard ethernet controller",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics g150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gh150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gl150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics gm150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s110",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s120",
"version": "4.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics s150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics sl150",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinamics sm120",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 828d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200",
"version": "4.5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 840d sl",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ek ertec 200p",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x 200irt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200m",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic et 200ecopn",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:cp1604_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:cp1616_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x-200irt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200ecopn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200m_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_et_200s_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_pn%2fpn_coupler_6es7158-3ad01-0xa0_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA. Artem Zinenko of Kaspersky reported to Siemens that SIPLUS is also affected.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-10923",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41280",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-142518",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-10923",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10923",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10923",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2019-10923",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10923",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-565",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142518",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. Multiple Siemens products are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens SIMATIC S7-300 CPU is a modular universal controller for the manufacturing industry from Siemens. The products in the Siemens SIMATIC S7-400 CPU family have been designed for process control in industrial environments. SIMATIC WinAC RTX (F) 2010 is a simatic software controller for PC-based automation solutions. Siemens SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). \n\nA denial of service vulnerability exists in several Siemens products. A vulnerability has been identified in CP1604 (All versions \u003c V2.8), CP1616 (All versions \u003c V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions \u003c V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions \u003c V4.5.0), SCALANCE X-200IRT (All versions \u003c V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions \u003c SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions \u003c V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions \u003c V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions \u003c V4.7 HF29), SINAMICS G150 (Control Unit) (All versions \u003c V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions \u003c V4.7 HF34), SINAMICS S150 (Control Unit) (All versions \u003c V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions \u003c V4.8 SP5), SINUMERIK 840D sl (All versions). No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations. Siemens CP1616, etc. are all products of Siemens (Siemens) in Germany. CP1616 is a communications processor. SINUMERIK 840D sl is a set of advanced machine tool numerical control system. SCALANCE X-200IRT is an industrial Ethernet switch. The following products and versions are affected: Siemens SIMATIC NET CP 1616 before V2.8; SINUMERIK 840D sl (all versions); SCALANCE X-200IRT series (including SIPLUS NET variants) before V5.2.1; SIMATIC ET200S (including SIPLUS variants) (full version) etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10923"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "VULHUB",
"id": "VHN-142518"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10923",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-349422",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-283-01",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-41280",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3812",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3812.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "B7DE1C6D-2642-4DF7-860F-BFE6735515F5",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-142518",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"id": "VAR-201910-1596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
}
],
"trust": 1.6269844772727273
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
}
]
},
"last_update_date": "2024-11-23T22:41:18.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-349422",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
},
{
"title": "Patch for Multiple Siemens Product Denial of Service Vulnerabilities (CNVD-2019-41280)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/184335"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10923"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10923"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3812/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3812.2/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/simatic-denial-of-service-via-irt-30559"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-283-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"db": "VULHUB",
"id": "VHN-142518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
},
{
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142518"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"date": "2019-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-565"
},
{
"date": "2019-10-10T14:15:14.503000",
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41280"
},
{
"date": "2023-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-142518"
},
{
"date": "2019-10-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010610"
},
{
"date": "2023-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-565"
},
{
"date": "2024-11-21T04:20:09.600000",
"db": "NVD",
"id": "CVE-2019-10923"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability related to resource depletion in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010610"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "b7de1c6d-2642-4df7-860f-bfe6735515f5"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-565"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.