PLC Cycle Time Influences (Update A)

🗓️ 16 Apr 2019 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 116 Views

PLC Cycle Time Influences (Update A) The update addresses uncontrolled resource consumption vulnerability affecting ABB, Phoenix Contact, Schneider Electric, Siemens, and WAGO PLCs, allowing remote exploitation with low skill level. The vulnerability can be mitigated by adjusting PLC watchdog settings and applying available firmware and software fixes

Reporter	Title	Published	Views	Family All 16
ATTACKERKB	CVE-2019-10953	17 Apr 201915:29	–	attackerkb
CVE	CVE-2019-10953	17 Apr 201914:02	–	cve
Cvelist	CVE-2019-10953	17 Apr 201914:02	–	cvelist
EUVD	EUVD-2019-2667	7 Oct 202500:30	–	euvd
NVD	CVE-2019-10953	17 Apr 201915:29	–	nvd
OSV	CVE-2019-10953	17 Apr 201915:29	–	osv
Tenable Nessus	Abb Pm554-tp-eth Uncontrolled Resource Consumption	8 Nov 201900:00	–	nessus
Tenable Nessus	Phoenix Contact PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)	29 Nov 202400:00	–	nessus
Tenable Nessus	Phoenix Contact PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)	25 Jan 202300:00	–	nessus
Tenable Nessus	Schneider Electric PLC Cycle Time Influences Uncontrolled Resource Consumption (CVE-2019-10953)	1 Mar 202300:00	–	nessus

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-106-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-19-106-03
us-cert	www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01
us-cert	www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
us-cert	www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B

16 Apr 2019 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 25

CVSS 3.17.5

EPSS0.03671

SSVC