Denial of Service Vulnerability in Siemens PROFINET IO Products
CVE-2019-19300
7.5HIGH
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 14 April 2020
What is CVE-2019-19300?
A vulnerability has been discovered in the Interniche-based TCP Stack used by various Siemens PROFINET IO products. This vulnerability allows an attacker to force the stack into making prohibitively expensive calls for each incoming packet. As a result, this can exhaust system resources and lead to a denial of service condition, disrupting normal operations of affected devices.
Affected Version(s)
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 All versions
Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P All versions
KTK ATE530S All versions