Lucene search

[email protected]CVE-2019-13921

HistoryOct 10, 2019 - 2:15 p.m.

CVE-2019-13921

2019-10-1014:15:14

CWE-410

CWE-400

[email protected]

web.nvd.nist.gov

simatic winac rtx

vulnerability

denial-of-service

unauthenticated attacker

nvd

cve-2019-13921

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software.

Affected configurations

NVD

Node

siemenssimatic_winac_rtx_\(f\)_2010

siemenssimatic_winac_rtx_\(f\)_2010Match-

siemenssimatic_winac_rtx_\(f\)_2010Match-update_1

siemenssimatic_winac_rtx_\(f\)_2010Match-update_2

siemenssimatic_winac_rtx_\(f\)_2010Match-update_3

siemenssimatic_winac_rtx_\(f\)_2010Matchsp1

siemenssimatic_winac_rtx_\(f\)_2010Matchsp2-

siemenssimatic_winac_rtx_\(f\)_2010Matchsp2update_1

siemenssimatic_winac_rtx_\(f\)_2010Matchsp2update_2

siemenssimatic_winac_rtx_\(f\)_2010Matchsp2update_3

siemenssimatic_winac_rtx_\(f\)_2010Matchsp2update_4

CPENameOperatorVersion
siemens:simatic_winac_rtx_\(f\)_2010siemens simatic winac rtx (f) 2010eq*
siemens:simatic_winac_rtx_\(f\)_2010siemens simatic winac rtx (f) 2010eq-
siemens:simatic_winac_rtx_\(f\)_2010siemens simatic winac rtx (f) 2010eqsp1
siemens:simatic_winac_rtx_\(f\)_2010siemens simatic winac rtx (f) 2010eqsp2

CPE	Name	Operator	Version
siemens:simatic_winac_rtx_\(f\)_2010	siemens simatic winac rtx (f) 2010	eq	*
siemens:simatic_winac_rtx_\(f\)_2010	siemens simatic winac rtx (f) 2010	eq	-
siemens:simatic_winac_rtx_\(f\)_2010	siemens simatic winac rtx (f) 2010	eq	sp1
siemens:simatic_winac_rtx_\(f\)_2010	siemens simatic winac rtx (f) 2010	eq	sp2

CNA Affected

[
  {
    "product": "SIMATIC WinAC RTX (F) 2010",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < SP3 Update 1"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.6%

JSON

Related for CVE-2019-13921

cvelist1 nvd1 prion1 symantec1 ics1