#VU25270 Resource exhaustion in Siemens products - CVE-2019-13946
Published: February 12, 2020
Vulnerability identifier: #VU25270
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-13946
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Development/Evaluation Kits for PROFINET IO
SCALANCE M-800 / S615
SCALANCE W-700 (IEEE 802.11n)
SIMATIC CP 343-1 ERPC
SIMATIC CP 343-1 LEAN
SIMATIC ET200AL IM 157-1 PN
SIMATIC ET200M IM153-4 PN IO HF
SIMATIC ET200M IM153-4 PN IO ST
SIMATIC ET200MP IM155-5 PN HF
SIMATIC ET200MP IM155-5 PN ST
SIMATIC ET 200S
SIMATIC ET200SP IM155-6 PN Basic
SIMATIC ET200SP IM155-6 PN HF
SIMATIC ET200SP IM155-6 PN ST
SIMATIC ET 200ecoPN
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0
SINAMICS DCP
SIMATIC PROFINET Driver
RUGGEDCOM RM1224
SCALANCE X-200
SCALANCE X-200 IRT
SCALANCE X-300
SCALANCE XB-200
SCALANCE XC-200
SCALANCE XP-200
SCALANCE XF-200BA
SCALANCE XR-300WG
SCALANCE XM-400
SCALANCE XR-500
SIMATIC CP 1616
SIMATIC CP 1604
SIMATIC ET200pro IM 154-3 PN HF
SIMATIC ET200pro IM 154-4 PN HF
SIMATIC RF182C
SIMATIC RF180C
SIMATIC CP 343-1 Advanced
SIMATIC CP 343-1 Standard
SIMATIC CP 443-1 Advanced
SIMATIC CP 443-1 Standard
SIMATIC CP443-1 OPC UA
SIMATIC RF600
SIMATIC IPC Support, Package for VxWorks
SIMATIC MV400
Development/Evaluation Kits for PROFINET IO
SCALANCE M-800 / S615
SCALANCE W-700 (IEEE 802.11n)
SIMATIC CP 343-1 ERPC
SIMATIC CP 343-1 LEAN
SIMATIC ET200AL IM 157-1 PN
SIMATIC ET200M IM153-4 PN IO HF
SIMATIC ET200M IM153-4 PN IO ST
SIMATIC ET200MP IM155-5 PN HF
SIMATIC ET200MP IM155-5 PN ST
SIMATIC ET 200S
SIMATIC ET200SP IM155-6 PN Basic
SIMATIC ET200SP IM155-6 PN HF
SIMATIC ET200SP IM155-6 PN ST
SIMATIC ET 200ecoPN
SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0
SINAMICS DCP
SIMATIC PROFINET Driver
RUGGEDCOM RM1224
SCALANCE X-200
SCALANCE X-200 IRT
SCALANCE X-300
SCALANCE XB-200
SCALANCE XC-200
SCALANCE XP-200
SCALANCE XF-200BA
SCALANCE XR-300WG
SCALANCE XM-400
SCALANCE XR-500
SIMATIC CP 1616
SIMATIC CP 1604
SIMATIC ET200pro IM 154-3 PN HF
SIMATIC ET200pro IM 154-4 PN HF
SIMATIC RF182C
SIMATIC RF180C
SIMATIC CP 343-1 Advanced
SIMATIC CP 343-1 Standard
SIMATIC CP 443-1 Advanced
SIMATIC CP 443-1 Standard
SIMATIC CP443-1 OPC UA
SIMATIC RF600
SIMATIC IPC Support, Package for VxWorks
SIMATIC MV400
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the Profinet-IO (PNIO) stack versions prior v06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200: Update to v4.5 Patch 01
- Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P: Update to v4.6
- PROFINET Driver for Controller: Update to v2.1 Patch 03
- SCALANCE M-800 / S615: Update to v6.1.2
- SCALANCE W700 IEEE 802.11n: Update to v6.4
- SCALANCE X-200IRT switch family: Update to v5.4.2
- SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG: Update to v4.1
- SCALANCE XM-400 switch family: Update to v6.2.3
- SCALANCE XR-500 switch family: Update to v6.2.3
- SIMATIC CP 1616 and CP 1604: Update to v2.8.1
- SIMATIC ET200MP IM155-5 PN HF: Update to v4.2.0
- SIMATIC ET200MP IM155-5 PN ST: Update to v4.1.0
- SIMATIC ET200SP IM155-6 PN HF: Update to v4.2.2
- SIMATIC ET200SP IM155-6 PN ST: pdate to v4.1.0
- SIMATIC RF600 family: Update to v3.2.1
- SINAMICS DCP: Update to v1.3