Lucene search

[email protected]NVD:CVE-2019-13946

HistoryFeb 11, 2020 - 4:15 p.m.

CVE-2019-13946

2020-02-1116:15:15

CWE-400

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.

The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise the availability of the device.

Affected configurations

NVD

Node

siemensdk_standard_ethernet_controller

siemensprofinet_driverRange<2.1

siemenssimatic_ipc_support

Node

siemensek-ertec_200Match-

AND

siemensek-ertec_200_firmwareRange<4.5

Node

siemensek-ertec_200pMatch-

AND

siemensek-ertec_200p_firmwareRange<4.6

Node

siemensruggedcom_rm1224Match-

AND

siemensruggedcom_rm1224_firmwareRange<4.3

Node

siemensscalance_m-800Match-

AND

siemensscalance_m-800_firmwareRange<4.3

Node

siemensscalance_s615Match-

AND

siemensscalance_s615_firmwareRange<4.3

Node

siemensscalance_w700_ieee_802.11nMatch-

AND

siemensscalance_w700_ieee_802.11n_firmwareRange≤6.0.1

Node

siemensscalance_xc-200Match-

AND

siemensscalance_xc-200_firmware

Node

siemensscalance_xf-200Match-

AND

siemensscalance_xf-200_firmware

Node

siemensscalance_xp-200_firmware

AND

siemensscalance_xp-200Match-

Node

siemensscalance_xb-200_firmware

AND

siemensscalance_xb-200Match-

Node

siemensscalance_x-200irt_firmwareRange<5.3

AND

siemensscalance_x-200irtMatch-

Node

siemensscalance_xr-300wg_firmwareRange<3.0

AND

siemensscalance_xr-300wgMatch-

Node

siemensscalance_x-300_firmware

AND

siemensscalance_x-300Match-

Node

siemensscalance_xb-200_firmwareRange<3.0

AND

siemensscalance_xb-200Match-

Node

siemensscalance_xc-200_firmwareRange<3.0

AND

siemensscalance_xc-200Match-

Node

siemensscalance_xp-200_firmwareRange<3.0

AND

siemensscalance_xp-200Match-

Node

siemensscalance_xf-200ba_firmwareRange<3.0

AND

siemensscalance_xf-200baMatch-

Node

siemensscalance_xr-300wg_firmwareRange<3.0

AND

siemensscalance_xr-300wgMatch-

Node

siemensscalance_x-400_firmwareRange<6.0

AND

siemensscalance_x-400Match-

Node

siemensscalance_xm-400_firmwareRange<6.0

AND

siemensscalance_xm-400Match-

Node

siemensscalance_xr524_firmwareRange<6.0

AND

siemensscalance_xr524Match-

Node

siemensscalance_xr526_firmwareRange<6.0

AND

siemensscalance_xr526Match-

Node

siemensscalance_xr528_firmwareRange<6.0

AND

siemensscalance_xr528Match-

Node

siemensscalance_xr552_firmwareRange<6.0

AND

siemensscalance_xr552Match-

Node

siemenssimatic_cp_1616_firmwareRange<2.8

AND

siemenssimatic_cp_1616Match-

Node

siemenssimatic_cp_1604Match-

AND

siemenssimatic_cp_1604_firmwareRange<2.8

Node

siemenssimatic_cp_343-1_firmware

AND

siemenssimatic_cp_343-1Match-

Node

siemenssimatic_cp_343-1_advanced_firmware

AND

siemenssimatic_cp_343-1_advancedMatch-

Node

siemenssimatic_cp_343-1_erpc_firmware

AND

siemenssimatic_cp_343-1_erpcMatch-

Node

siemenssimatic_cp_343-1_lean_firmware

AND

siemenssimatic_cp_343-1_leanMatch-

Node

siemenssimatic_cp_443-1_firmware

AND

siemenssimatic_cp_443-1Match-

Node

siemenssimatic_cp_443-1_advanced_firmware

AND

siemenssimatic_cp_443-1_advancedMatch-

Node

siemenssimatic_cp_443-1_opc_ua_firmware

AND

siemenssimatic_cp_443-1_opc_uaMatch-

Node

siemenssimatic_et200al_im_157-1_pn_firmware

AND

siemenssimatic_et200al_im_157-1_pnMatch-

Node

siemenssimatic_et200m_im153-4_pn_io_hf_firmware

AND

siemenssimatic_et200m_im153-4_pn_io_hfMatch-

Node

siemenssimatic_et200m_im153-4_pn_io_st_firmware

AND

siemenssimatic_et200m_im153-4_pn_io_stMatch-

Node

siemenssimatic_et200mp_im155-5_pn_hf_firmwareRange<4.2.0

AND

siemenssimatic_et200mp_im155-5_pn_hfMatch-

Node

siemenssimatic_et200mp_im155-5_pn_st_firmwareRange<4.1.0

AND

siemenssimatic_et200mp_im155-5_pn_stMatch-

Node

siemenssimatic_et200s_firmware

AND

siemenssimatic_et200sMatch-

Node

siemenssimatic_et200sp_im155-6_pn_basic_firmware

AND

siemenssimatic_et200sp_im155-6_pn_basicMatch-

Node

siemenssimatic_et200sp_im155-6_pn_hf_firmwareRange<3.3.1

AND

siemenssimatic_et200sp_im155-6_pn_hfMatch-

Node

siemenssimatic_et200sp_im155-6_pn_st_firmwareRange<4.1.0

AND

siemenssimatic_et200sp_im155-6_pn_stMatch-

Node

siemenssimatic_et200ecopn_firmware

AND

siemenssimatic_et200ecopnMatch-

Node

siemenssimatic_et200pro_firmware

AND

siemenssimatic_et200proMatch-

Node

siemensim_154-3_pn_hf_firmware

AND

siemensim_154-3_pn_hfMatch-

Node

siemensim_154-4_pn_hf_firmware

AND

siemensim_154-4_pn_hfMatch-

Node

siemenssimatic_mv440_firmware

AND

siemenssimatic_mv440Match-

Node

siemenssimatic_mv420_firmware

AND

siemenssimatic_mv420Match-

Node

siemenssimatic_pn\/pn_coupler_firmware

AND

siemenssimatic_pn\/pn_couplerMatch-

Node

siemenssimatic_rf180c_firmware

AND

siemenssimatic_rf180cMatch-

Node

siemenssimatic_rf182c_firmware

AND

siemenssimatic_rf182cMatch-

Node

siemenssimatic_rf600_firmwareRange<3.0

AND

siemenssimatic_rf600Match-

Node

siemenssinamics_dcp_firmwareRange<1.3

AND

siemenssinamics_dcpMatch-

References

cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

42.5%

JSON

Related for NVD:CVE-2019-13946

cvelist1 cve1 nessus2 ics1 prion1