Main Vulnerability Database SB2019101012

SB2019101012 - Denial of service in Siemens Industrial Real-Time (IRT) Devices

Published: October 10, 2019 Updated: October 18, 2019

Security Bulletin ID SB2019101012

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-10923)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted packet, break the real-time synchronization of the affected installation and cause a denial-of-service condition on the target system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

SINUMERIK 840D sl: All versions
SINUMERIK 828D: All versions
SINAMICS SM120: All versions
SINAMICS SL150: All versions
SINAMICS S150: All versions
SINAMICS S120: All versions
SINAMICS S110: All versions
SINAMICS GM150: All versions
SINAMICS GL150: All versions
SINAMICS GH150: All versions
SINAMICS G150: All versions
SINAMICS G130: All versions
SINAMICS G120: All versions
SINAMICS G110M: All versions
SINAMICS DCP: All versions
SINAMICS DCM: All versions
SIMOTION Firmware: All versions
SIMATIC WinAC RTX (F) 2010: All versions
SIMATIC S7-400 PN/DP V7: All versions
SIMATIC S7-400: All versions
SIMATIC S7-300: All versions
SIMATIC PN/PN Coupler: All versions
SIMATIC ET 200pro: All versions
SIMATIC ET 200ecoPN: All versions
SIMATIC ET 200S: All versions
SIMATIC ET 200M: All versions
SCALANCE X-200 IRT: All versions
CP1616: 1.0 - 2.7.2
CP1604: 1.0 - 2.7.2

SB2019101012 - Denial of service in Siemens Industrial Real-Time (IRT) Devices

Breakdown by Severity

Description

Remediation

References

Please verify you're human