CVE-2019-10936 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
siemens	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Vendor	Product	Version
siemens	dk_standard_ethernet_controller_firmware	*
siemens	ek-ertec_200_firmware	*
siemens	ek-ertec_200p_firmware	𝑥 < 4.6
siemens	ek-ertec_200p_firmware	4.6
siemens	simatic_cfu_pa_firmware	𝑥 < 1.2.0
siemens	simatic_et_200al_firmware	*
siemens	simatic_et_200m_firmware	*
siemens	simatic_et_200mp_im_155-5_pn_ba_firmware	𝑥 < 4.3.0
siemens	simatic_et_200mp_im_155-5_pn_hf_firmware	𝑥 < 4.4.0
siemens	simatic_et_200mp_im_155-5_pn_st_firmware	*
siemens	simatic_et_200s_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_ba_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_ha_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_hf_firmware	𝑥 < 4.2.2
siemens	simatic_et_200sp_im_155-6_pn_hs_firmware	*
siemens	simatic_et_200sp_im_155-6_pn_st_firmware	*
siemens	simatic_et_200sp_im_155-6_pn\/2_hf_firmware	𝑥 < 4.2.2
siemens	simatic_et_200sp_im_155-6_pn\/3_hf_firmware	𝑥 < 4.2.1
siemens	simatic_et_200ecopn_firmware	*
siemens	simatic_et_200pro_firmware	*
siemens	simatic_hmi_comfort_outdoor_panels_7\"_firmware	*
siemens	simatic_hmi_comfort_outdoor_panels_15\"_firmware	*
siemens	simatic_hmi_comfort_panels_4\"_firmware	*
siemens	simatic_hmi_comfort_panels_22\"_firmware	*
siemens	simatic_hmi_ktp_mobile_panels_firmware	*
siemens	simatic_pn\/pn_coupler_firmware	𝑥 < 4.2.1
siemens	simatic_profinet_driver_firmware	𝑥 < 2.1
siemens	simatic_s7-1200_cpu_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1200_cpu_1211c_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1200_cpu_1212c_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1200_cpu_1214c_firmware	𝑥 < 4.4.0
siemens	simatic_s7-1500_cpu_firmware	𝑥 < 2.0
siemens	simatic_s7-1500s_cpu_firmware	𝑥 < 2.0
siemens	simatic_s7-1500t_cpu_firmware	𝑥 < 2.0
siemens	simatic_s7-1500_cpu_1518_firmware	𝑥 < 2.0
siemens	simatic_s7-1500_cpu_1511c_firmware	𝑥 < 2.0
siemens	simatic_s7-1500_cpu_1512c_firmware	𝑥 < 2.0
siemens	simatic_s7-300_cpu_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_312_ifm_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_313_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_314_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_314_ifm_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_315_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_315-2_dp_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_316-2_dp_firmware	𝑥 < 3.3.17
siemens	simatic_s7-300_cpu_318-2_firmware	𝑥 < 3.3.17
siemens	simatic_s7-400_pn_v7_firmware	*
siemens	simatic_s7-400_dp_v7_firmware	*
siemens	simatic_s7-400_v6_firmware	𝑥 < 6.0.9
siemens	simatic_s7-400h_v6_firmware	𝑥 < 6.0.9
siemens	simatic_s7-410_v8_firmware	𝑥 < 8.2.2
siemens	simatic_winac_rtx_\(f\)_firmware	𝑥 < 2010
siemens	sinamics_dcm_firmware	𝑥 < 1.5
siemens	sinamics_dcm_firmware	1.5
siemens	sinamics_dcp_firmware	𝑥 < 1.3
siemens	sinamics_g110m_firmware	𝑥 < 4.7
siemens	sinamics_g110m_firmware	4.7
siemens	sinamics_g120_firmware	𝑥 < 4.7
siemens	sinamics_g120_firmware	4.7
siemens	sinamics_g130_firmware	𝑥 < 5.2
siemens	sinamics_g130_firmware	5.2
siemens	sinamics_g150_firmware	𝑥 < 5.2
siemens	sinamics_g150_firmware	5.2
siemens	sinamics_gl150_firmware	𝑥 < 4.8
siemens	sinamics_gl150_firmware	4.8
siemens	sinamics_gm150_firmware	𝑥 < 4.8
siemens	sinamics_gm150_firmware	4.8
siemens	sinamics_s110_firmware	*
siemens	sinamics_s120_firmware	𝑥 < 5.2
siemens	sinamics_s120_firmware	5.2
siemens	sinamics_s150_firmware	𝑥 < 5.2
siemens	sinamics_s150_firmware	5.2
siemens	sinamics_sl150_firmware	𝑥 < 4.7
siemens	sinamics_sl150_firmware	4.7
siemens	sinamics_sm120_firmware	-
siemens	sinumerik_828d	𝑥 < 4.8
siemens	sinumerik_828d	4.8
siemens	sinumerik_828d	4.8:sp1
siemens	sinumerik_828d	4.8:sp2
siemens	sinumerik_828d	4.8:sp3
siemens	sinumerik_828d	4.8:sp4
siemens	sinumerik_840d_sl	*

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-400 - Uncontrolled Resource Consumption
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References

https://cert-portal.siemens.com/productcert/html/ssa-473245.html

https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf

https://cert-portal.siemens.com/productcert/html/ssa-473245.html

https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf