Denial-of-Service Vulnerability in SIMATIC WinAC RTX (F) 2010 Software by Siemens
CVE-2019-13921

7.5HIGH

Key Information:

Vendor: Siemens Ag
Status: Simatic Winac Rtx (f) 2010
Vendor: CVE Published:; 10 October 2019

What is CVE-2019-13921?

A vulnerability has been identified in the SIMATIC WinAC RTX (F) 2010 software that allows an unauthenticated attacker to initiate a denial-of-service condition. This occurs when a large HTTP request is sent to the executing service, causing the service to become unavailable. The vulnerability can be exploited via network access with no system privileges or user interaction required, affecting the availability of critical services.

Affected Version(s)

SIMATIC WinAC RTX (F) 2010 All versions < SP3 Update 1

References

https://cert-portal.siemens.com/productcert/pdf/ssa-87827...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2019
Vulnerability Reserved
Jul 18, 2019

Siemens Ag

What is CVE-2019-13921?

Affected Version(s)

References

CVSS V3.1

Timeline