Denial of Service Vulnerability in Siemens Devices
CVE-2019-10936

7.5HIGH

Key Information:

Vendor: Siemens
Status: Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller; Development/evaluation Kits For Profinet Io: Ek-ertec 200; Development/evaluation Kits For Profinet Io: Ek-ertec 200p; Simatic Cfu Pa
Vendor: CVE Published:; 10 October 2019

Summary

This vulnerability affects certain Siemens devices, which mishandle a large volume of specially crafted UDP packets. This flaw could enable an unauthenticated remote attacker to create a denial of service situation, thus rendering the affected devices unavailable and impacting operational continuity.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller 0

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 0

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.6 Patch 01

References

https://cert-portal.siemens.com/productcert/pdf/ssa-47324...

https://cert-portal.siemens.com/productcert/html/ssa-4732...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2019
Vulnerability Reserved
Apr 8, 2019