This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SCADA_SIEMENS_SIMATIC_S7_1200_PLC_SSA-473245.NBINSiemens SIMATIC S7-1200 PLC UDP Denial of Service (CVE-2019-10936)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.7%
The remote host is a Siemens SIMATIC S7-1200 device. It is, therefore, affected by a denial of service vulnerability.
A denial of service (DoS) vulnerability exists due to improper handling of UDP packets. An unauthenticated, remote attacker can exploit this issue, by sending a large amount of specially crafted UDP packets, to cause the device to stop responding.
Note that Nessus has not attempted to exploit this issue but has instead relied only on the device’s self-reported version number.
Binary data scada_siemens_simatic_s7_1200_plc_SSA-473245.nbin| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | simatic_s7_1200_cpu | cpe:/h:siemens:simatic_s7_1200_cpu | |
| siemens | simatic_s7_1200_cpu_firmware | cpe:/o:siemens:simatic_s7_1200_cpu_firmware |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.7%