Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-10936

Published: 10/10/2019 Updated: 09/05/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Siemens

Vulnerability Summary

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote malicious user to trigger a denial of service condition.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

siemens dk_standard_ethernet_controller_firmware

siemens ek-ertec_200_firmware

siemens ek-ertec_200p_firmware

siemens ek-ertec_200p_firmware 4.6

siemens simatic_cfu_pa_firmware

siemens simatic_et_200al_firmware

siemens simatic_et_200m_firmware

siemens simatic_et_200mp_im_155-5_pn_ba_firmware

siemens simatic_et_200mp_im_155-5_pn_hf_firmware

siemens simatic_et_200mp_im_155-5_pn_st_firmware

siemens simatic_et_200s_firmware

siemens simatic_et_200sp_im_155-6_pn_ba_firmware

siemens simatic_et_200sp_im_155-6_pn_ha_firmware

siemens simatic_et_200sp_im_155-6_pn_hf_firmware

siemens simatic_et_200sp_im_155-6_pn_hs_firmware

siemens simatic_et_200sp_im_155-6_pn_st_firmware

siemens simatic_et_200sp_im_155-6_pn\\/2_hf_firmware

siemens simatic_et_200sp_im_155-6_pn\\/3_hf_firmware

siemens simatic_et_200ecopn_firmware

siemens simatic_et_200pro_firmware

siemens simatic_hmi_comfort_outdoor_panels_7\\\"_firmware

siemens simatic_hmi_comfort_outdoor_panels_15\\\"_firmware

siemens simatic_hmi_comfort_panels_4\\\"_firmware

siemens simatic_hmi_comfort_panels_22\\\"_firmware

siemens simatic_hmi_ktp_mobile_panels_firmware

siemens simatic_pn\\/pn_coupler_firmware

siemens simatic_profinet_driver_firmware

siemens simatic_s7-1200_cpu_firmware

siemens simatic_s7-1200_cpu_1211c_firmware

siemens simatic_s7-1200_cpu_1212c_firmware

siemens simatic_s7-1200_cpu_1214c_firmware

siemens simatic_s7-1500_cpu_firmware

siemens simatic_s7-1500s_cpu_firmware

siemens simatic_s7-1500t_cpu_firmware

siemens simatic_s7-1500_cpu_1518_firmware

siemens simatic_s7-1500_cpu_1511c_firmware

siemens simatic_s7-1500_cpu_1512c_firmware

siemens simatic_s7-300_cpu_firmware

siemens simatic_s7-300_cpu_312_ifm_firmware

siemens simatic_s7-300_cpu_313_firmware

siemens simatic_s7-300_cpu_314_firmware

siemens simatic_s7-300_cpu_314_ifm_firmware

siemens simatic_s7-300_cpu_315_firmware

siemens simatic_s7-300_cpu_315-2_dp_firmware

siemens simatic_s7-300_cpu_316-2_dp_firmware

siemens simatic_s7-300_cpu_318-2_firmware

siemens simatic_s7-400_pn_v7_firmware

siemens simatic_s7-400_dp_v7_firmware

siemens simatic_s7-400_v6_firmware

siemens simatic_s7-400h_v6_firmware

siemens simatic_s7-410_v8_firmware

siemens simatic_winac_rtx_\\(f\\)_firmware

siemens simatic_winac_rtx_\\(f\\)_firmware 2010

siemens sinamics_dcm_firmware

siemens sinamics_dcm_firmware 1.5

siemens sinamics_dcp_firmware

siemens sinamics_g110m_firmware

siemens sinamics_g110m_firmware 4.7

siemens sinamics_g120_firmware

siemens sinamics_g120_firmware 4.7

siemens sinamics_g130_firmware

siemens sinamics_g130_firmware 5.2

siemens sinamics_g150_firmware

siemens sinamics_g150_firmware 5.2

siemens sinamics_gl150_firmware

siemens sinamics_gl150_firmware 4.8

siemens sinamics_gm150_firmware

siemens sinamics_gm150_firmware 4.8

siemens sinamics_s110_firmware

siemens sinamics_s120_firmware

siemens sinamics_s120_firmware 5.2

siemens sinamics_s150_firmware

siemens sinamics_s150_firmware 5.2

siemens sinamics_sl150_firmware

siemens sinamics_sl150_firmware 4.7

siemens sinamics_sm120_firmware -

siemens sinumerik 828d

siemens sinumerik 828d 4.8

siemens sinumerik 840d sl

References

CWE-400https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdfhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook