CVE-2019-10936

7.5HIGH

Key Information:

Vendor
Siemens
Status
Development/evaluation Kits For Profinet Io: Dk Standard Ethernet Controller
Development/evaluation Kits For Profinet Io: Ek-ertec 200
Development/evaluation Kits For Profinet Io: Ek-ertec 200p
Simatic Cfu Pa
Vendor
CVE Published:
10 October 2019

Summary

Affected devices improperly handle large amounts of specially crafted UDP packets.

This could allow an unauthenticated remote attacker to trigger a denial of service condition.

Affected Version(s)

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller 0

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 0

Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions < V4.6 Patch 01

References

https://cert-portal.siemens.com/productcert/pdf/ssa-47324...
https://cert-portal.siemens.com/productcert/html/ssa-4732...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.