CVE-2019-10923 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
siemens	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Vendor	Product	Version
siemens	cp1604_firmware	𝑥 < 2.8
siemens	cp1616_firmware	𝑥 < 2.8
siemens	dk_standard_ethernet_controller_firmware	𝑥 < 4.1.1
siemens	dk_standard_ethernet_controller_firmware	4.1.1
siemens	dk_standard_ethernet_controller_firmware	4.1.1:p4
siemens	ek-ertec_200_firmware	𝑥 < 4.5.0
siemens	ek-ertec_200_firmware	4.5.0
siemens	ek-ertec_200p_firmware	𝑥 < 4.5.0
siemens	scalance_x-200irt_firmware	𝑥 < 5.2.1
siemens	simatic_et_200m_firmware	*
siemens	simatic_et_200s_firmware	*
siemens	simatic_et_200ecopn_firmware	*
siemens	simatic_pn\/pn_coupler_6es7158-3ad01-0xa0_firmware	*
siemens	simatic_s7-300_cpu_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_312_ifm_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_313_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_314_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_314_ifm_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_315_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_315-2_dp_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_316-2_dp_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_318-2_firmware	𝑥 < 3.3.17
siemens	simatic_s7-400_v6_firmware	*
siemens	simatic_s7-400_pn_v7_firmware	*
siemens	simatic_s7-400_dp_v7_firmware	*
siemens	simatic_winac_rtx_\(f\)_firmware	𝑥 < 2010
siemens	simotion_firmware	*
siemens	sinamics_dcm_firmware	𝑥 < 1.5
siemens	sinamics_dcm_firmware	1.5
siemens	sinamics_dcp_firmware	𝑥 < 1.3
siemens	sinamics_g110m_firmware	𝑥 < 4.7
siemens	sinamics_g110m_firmware	4.7
siemens	sinamics_g120_firmware	𝑥 < 4.7
siemens	sinamics_g120_firmware	4.7
siemens	sinamics_g130_firmware	𝑥 < 4.7
siemens	sinamics_g130_firmware	4.7
siemens	sinamics_g150_firmware	𝑥 < 4.8
siemens	sinamics_gh150_firmware	𝑥 < 4.8
siemens	sinamics_gh150_firmware	4.8
siemens	sinamics_gl150_firmware	𝑥 < 4.8
siemens	sinamics_gl150_firmware	4.8
siemens	sinamics_gm150_firmware	𝑥 < 4.8
siemens	sinamics_gm150_firmware	4.8
siemens	sinamics_s110_firmware	*
siemens	sinamics_s120_firmware	𝑥 < 4.7
siemens	sinamics_s120_firmware	4.7
siemens	sinamics_s150_firmware	𝑥 < 4.8
siemens	sinamics_sl150_firmware	𝑥 < 4.7
siemens	sinamics_sl150_firmware	4.7
siemens	sinamics_sm120_firmware	*
siemens	sinumerik_828d	𝑥 < 4.8
siemens	sinumerik_828d	4.8
siemens	sinumerik_828d	4.8:sp1
siemens	sinumerik_828d	4.8:sp2
siemens	sinumerik_828d	4.8:sp3
siemens	sinumerik_828d	4.8:sp4
siemens	sinumerik_840d_sl	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://cert-portal.siemens.com/productcert/html/ssa-349422.html

https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf