7.8
CVE-2019-13946
- EPSS 0.55%
- Published 11.02.2020 16:15:15
- Last modified 21.11.2024 04:25:45
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Profinet Driver Version < 2.1
Siemens ≫ Ek-ertec 200 Firmware Version < 4.5
Siemens ≫ Ek-ertec 200p Firmware Version < 4.6
Siemens ≫ Ruggedcom Rm1224 Firmware Version < 4.3
Siemens ≫ Scalance M-800 Firmware Version < 4.3
Siemens ≫ Scalance S615 Firmware Version < 4.3
Siemens ≫ Scalance W700 Ieee 802.11n Firmware Version <= 6.0.1
Siemens ≫ Scalance X-200irt Firmware Version < 5.3
Siemens ≫ Scalance Xr-300wg Firmware Version < 3.0
Siemens ≫ Scalance Xb-200 Firmware Version < 3.0
Siemens ≫ Scalance Xc-200 Firmware Version < 3.0
Siemens ≫ Scalance Xp-200 Firmware Version < 3.0
Siemens ≫ Scalance Xf-200ba Firmware Version < 3.0
Siemens ≫ Scalance Xr-300wg Firmware Version < 3.0
Siemens ≫ Scalance X-400 Firmware Version < 6.0
Siemens ≫ Scalance Xm-400 Firmware Version < 6.0
Siemens ≫ Scalance Xr524 Firmware Version < 6.0
Siemens ≫ Scalance Xr526 Firmware Version < 6.0
Siemens ≫ Scalance Xr528 Firmware Version < 6.0
Siemens ≫ Scalance Xr552 Firmware Version < 6.0
Siemens ≫ Simatic Cp 1616 Firmware Version < 2.8
Siemens ≫ Simatic Cp 1604 Firmware Version < 2.8
Siemens ≫ Simatic Et200mp Im155-5 Pn Hf Firmware Version < 4.2.0
Siemens ≫ Simatic Et200mp Im155-5 Pn St Firmware Version < 4.1.0
Siemens ≫ Simatic Et200sp Im155-6 Pn Hf Firmware Version < 3.3.1
Siemens ≫ Simatic Et200sp Im155-6 Pn St Firmware Version < 4.1.0
Siemens ≫ Simatic Rf600 Firmware Version < 3.0
Siemens ≫ Sinamics Dcp Firmware Version < 1.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.67 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| productcert@siemens.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.