CVE-2019-10936 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
siemens	dk_standard_ethernet_controller_firmware	*
siemens	ek-ertec_200_firmware	*
siemens	ek-ertec_200p_firmware	𝑥 < 4.6
siemens	ek-ertec_200p_firmware	4.6
siemens	simatic_cfu_pa_firmware	𝑥 < 1.2.0
siemens	simatic_et_200al_firmware	*
siemens	simatic_et_200m_firmware	*
siemens	simatic_et_200mp_im_155-5_pn_ba_firmware	𝑥 < 4.3.0
siemens	simatic_et_200mp_im_155-5_pn_hf_firmware	𝑥 < 4.4.0
siemens	simatic_et_200mp_im_155-5_pn_st_firmware	*
siemens	simatic_et_200s_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_ba_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_ha_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_hf_firmware	𝑥 < 4.2.2
siemens	simatic_et_200sp_im_155-6_pn_hs_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_st_firmware	*
siemens	simatic_et_200sp_im_155-6_pn\/2_hf_firmware	𝑥 < 4.2.2
siemens	simatic_et_200sp_im_155-6_pn\/3_hf_firmware	𝑥 < 4.2.1
siemens	simatic_et_200ecopn_firmware	*
siemens	simatic_et_200pro_firmware	*
siemens	simatic_hmi_comfort_outdoor_panels_7\"_firmware	*
siemens	simatic_hmi_comfort_outdoor_panels_15\"_firmware	*
siemens	simatic_hmi_comfort_panels_4\"_firmware	*
siemens	simatic_hmi_comfort_panels_22\"_firmware	*
siemens	simatic_hmi_ktp_mobile_panels_firmware	*
siemens	simatic_pn\/pn_coupler_firmware	𝑥 < 4.2.1
siemens	simatic_profinet_driver_firmware	𝑥 < 2.1
siemens	simatic_s7-1200_cpu_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1200_cpu_1211c_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1200_cpu_1212c_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1200_cpu_1214c_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1500_cpu_firmware	𝑥 < 2.0
siemens	simatic_s7-1500s_cpu_firmware	𝑥 < 2.0
siemens	simatic_s7-1500t_cpu_firmware	𝑥 < 2.0
siemens	simatic_s7-1500_cpu_1518_firmware	𝑥 < 2.0
siemens	simatic_s7-1500_cpu_1511c_firmware	𝑥 < 2.0
siemens	simatic_s7-1500_cpu_1512c_firmware	𝑥 < 2.0
siemens	simatic_s7-300_cpu_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_312_ifm_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_313_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_314_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_314_ifm_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_315_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_315-2_dp_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_316-2_dp_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_318-2_firmware	𝑥 < 3.3.17
siemens	simatic_s7-400_pn_v7_firmware	*
siemens	simatic_s7-400_dp_v7_firmware	*
siemens	simatic_s7-400_v6_firmware	𝑥 < 6.0.9
siemens	simatic_s7-400h_v6_firmware	𝑥 < 6.0.9
siemens	simatic_s7-410_v8_firmware	𝑥 < 8.2.2
siemens	simatic_winac_rtx_\(f\)_firmware	𝑥 < 2010
siemens	sinamics_dcm_firmware	𝑥 < 1.5
siemens	sinamics_dcm_firmware	1.5
siemens	sinamics_dcp_firmware	𝑥 < 1.3
siemens	sinamics_g110m_firmware	𝑥 < 4.7
siemens	sinamics_g110m_firmware	4.7
siemens	sinamics_g120_firmware	𝑥 < 4.7
siemens	sinamics_g120_firmware	4.7
siemens	sinamics_g130_firmware	𝑥 < 5.2
siemens	sinamics_g130_firmware	5.2
siemens	sinamics_g150_firmware	𝑥 < 5.2
siemens	sinamics_g150_firmware	5.2
siemens	sinamics_gl150_firmware	𝑥 < 4.8
siemens	sinamics_gl150_firmware	4.8
siemens	sinamics_gm150_firmware	𝑥 < 4.8
siemens	sinamics_gm150_firmware	4.8
siemens	sinamics_s110_firmware	*
siemens	sinamics_s120_firmware	𝑥 < 5.2
siemens	sinamics_s120_firmware	5.2
siemens	sinamics_s150_firmware	𝑥 < 5.2
siemens	sinamics_s150_firmware	5.2
siemens	sinamics_sl150_firmware	𝑥 < 4.7
siemens	sinamics_sl150_firmware	4.7
siemens	sinamics_sm120_firmware	-
siemens	sinumerik_828d	𝑥 < 4.8
siemens	sinumerik_828d	4.8
siemens	sinumerik_828d	4.8:sp1
siemens	sinumerik_828d	4.8:sp2
siemens	sinumerik_828d	4.8:sp3
siemens	sinumerik_828d	4.8:sp4
siemens	sinumerik_840d_sl	*

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
siemens	dk_standard_ethernet_controller_firmware	𝑥 ≤ *	ADP
siemens	ek-ertec_200_firmware	𝑥 < *	ADP
siemens	ek-ertec_200p_firmware	𝑥 < 4.6	ADP
siemens	simatic_cfu_pa	𝑥 < v1.2.0	ADP
siemens	simatic_et200ecopn_firmware	𝑥 ≤ *	ADP
siemens	simatic_et200s_firmware	𝑥 ≤ *	ADP
siemens	simatic_et_200al_firmware	𝑥 ≤ *	ADP
siemens	simatic_et_200m_firmware	𝑥 ≤ *	ADP
siemens	simatic_et_200mp_firmware	𝑥 < v4.3.0	ADP
siemens	simatic_et_200pro_firmware	𝑥 ≤ *	ADP
siemens	simatic_et_200s_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_et_200sp_firmware	𝑥 ≤ *	ADP
siemens	simatic_hmi_comfort_outdoor_panels	𝑥 ≤ *	ADP
siemens	simatic_pn\/pn_coupler_6es7158-3ad01-0xa0	𝑥 < v4.2.1	ADP
siemens	simatic_profinet_driver	𝑥 < v2.1	ADP
siemens	simatic_s7-300_cpu_314_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_s7-300_cpu_315-2_dp_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_s7-300_cpu_315f-2_dp_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_s7-300_cpu_317-2_dp_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_s7-300_cpu_317-2_pn\/dp_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_s7-300_cpu_319-3_pn\/dp_firmware	𝑥 < v3.2.17	ADP
siemens	simatic_s7-400_cpu_412-2_pn	𝑥 < v7.0.3	ADP
siemens	simatic_s7-400_cpu_414-3_pn\/dp	𝑥 < v7.0.3	ADP
siemens	simatic_s7-400_cpu_416-3_pn\/dp	𝑥 ≤ v7.0.3	ADP
siemens	simatic_s7-400_h_v6_firmware	𝑥 ≤ v6.0.9	ADP
siemens	simatic_s7-400_pn\/dp_v6_firmware	𝑥 ≤ *	ADP
siemens	simatic_s7-410_cpu_firmware	𝑥 < v8.2.2	ADP
siemens	simatic_s7-1200_cpu	𝑥 < v4.4.0	ADP
siemens	simatic_s7-1500_cpu	𝑥 < v2.0	ADP
siemens	simatic_s7-1500_controller	𝑥 < v2.0	ADP
siemens	simatic_tdc_cp51m1_firmware	𝑥 < v1.1.8	ADP
siemens	simatic_tdc_cpu555_firmware	𝑥 < v1.1.1	ADP
siemens	simatic_winac_rtx_2010	𝑥 < v2010_sp3	ADP
siemens	simatic_winac_rtx_\(f\)_2010	𝑥 < v2010_sp3	ADP
siemens	sinamics_dcm	𝑥 < v1.5_hf1	ADP
siemens	sinamics_dcp	𝑥 < v1.3	ADP
siemens	sinamics_g110m	𝑥 < v4.7_sp10_hf5	ADP
siemens	sinamics_g120	𝑥 < v4.7_sp10_hf5	ADP
siemens	sinamics_g130	𝑥 < v4.8	ADP
siemens	sinamics_g150	𝑥 < v4.8	ADP
siemens	sinamics_gh150	𝑥 ≤ *	ADP
siemens	sinamics_gl150	𝑥 ≤ *	ADP
siemens	sinamics_gm150	𝑥 < *	ADP
siemens	sinamics_s110	𝑥 ≤ *	ADP
siemens	sinamics_s120	𝑥 ≤ *	ADP
siemens	sinamics_sl150	𝑥 < v4.8	ADP
siemens	sinamics_sl150	𝑥 < v4.7_hf33	ADP
siemens	sinamics_sm120	𝑥 ≤ *	ADP
siemens	sinumerik_828d	𝑥 < v4.8_sp5	ADP
siemens	sinumerik_840d_sl	𝑥 < v4.8_sp6	ADP
siemens	siplus_s7-300_cpu_314	𝑥 < v3.3.17	ADP

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://cert-portal.siemens.com/productcert/html/ssa-473245.html

https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf

https://cert-portal.siemens.com/productcert/html/ssa-473245.html

https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf