Denial of Service Vulnerability in Siemens Products
CVE-2019-10923

7.5HIGH

Key Information:

Vendor: Siemens
Status: Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller; Development/evaluation Kits For Profinet Io: Ek-ertec 200; Development/evaluation Kits For Profinet Io: Ek-ertec 200p; Scalance X-200irt Family (incl. Siplus Net Variants)
Vendor: CVE Published:; 10 October 2019

What is CVE-2019-10923?

This vulnerability allows an attacker with network access to disrupt the real-time synchronization functionality of the Siemens installations, potentially leading to a denial of service condition. This disruption can adversely affect the operations and reliability of the affected systems.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller All versions < V4.1.1 Patch 05

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 All versions < V4.5.0 Patch 01

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-34942...

https://cert-portal.siemens.com/productcert/html/ssa-3494...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2019
Vulnerability Reserved
Apr 8, 2019