Vulnerability CVE-2019-10923


Published: 2019-10-10

Description:
A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. 
The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations.

Type: CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

Vendor: Siemens
Product: Sinumerik 828d 
Version: 4.8;
Product: Sinamics g110m firmware 
Version: 4.7;
Product: Sinamics s120 firmware 
Version: 4.7;
Product: Sinamics g130 firmware 
Version: 4.7;
Product: Sinamics g120 firmware 
Version: 4.7;
Product: Ek-ertec 200 firmware 
Version: 4.5.0;
Product: Dk standard ethernet controller firmware 
Version: 4.1.1;
Product: Sinamics dcm firmware 
Version: 1.5;
Product: Simatic et 200m firmware 
Product: Sinamics sl150 firmware 
Product: Sinamics gh150 firmware 
Product: Simatic s7-400 dp v7 firmware 
Product: Simatic s7-300 cpu 315-2 dp firmware 
Product: Simatic pn/pn coupler 6es7158-3ad01-0xa0 firmware 
Product: Sinamics gm150 firmware 
Product: Simatic s7-400 v6 firmware 
Product: Simatic s7-300 cpu 316-2 dp firmware 
Product: Simatic s7-300 cpu 313 firmware 
Product: Simatic et 200ecopn firmware 
Product: Simotion firmware 
Product: Simatic s7-300 cpu firmware 
Product: Simatic s7-300 cpu 314 ifm firmware 
Product: Simatic et 200s firmware 
Product: Sinamics sm120 firmware 
Product: Sinumerik 840d sl 
Product: Sinamics gl150 firmware 
Product: Sinamics dcp firmware 
Product: Simatic s7-400 pn v7 firmware 
Product: Simatic s7-300 cpu 315 firmware 
Product: Simatic s7-300 cpu 312 ifm firmware 
Product: Sinamics s110 firmware 
Product: Simatic s7-300 cpu 318-2 firmware 
Product: Simatic s7-300 cpu 314 firmware 
Product: Simatic winac rtx (f) 2010 firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf
https://www.us-cert.gov/ics/advisories/icsa-19-283-01

Related CVE
CVE-2019-13929
A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a password that can be used to gain read and write access...
CVE-2019-13921
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can b...
CVE-2019-10936
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO:...
CVE-2019-13923
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing ...
CVE-2019-13922
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). An attacker with administrative privileges can obtain the hash of a connected device's password. The security vulnerability could be exploited by an attack...
CVE-2019-13920
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some parts of the web application are not protected against Cross Site Request Forgery (CSRF) attacks. The security vulnerability could be exploited by an ...
CVE-2019-13919
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). Some pages that should only be accessible by a privileged user can also be accessed by a non-privileged user. The security vulnerability could be exploited...
CVE-2019-13918
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1). The web interface has no means to prevent password guessing attacks. The vulnerability could be exploited by an attacker with network access to the vulnera...

Copyright 2019, cxsecurity.com

 
