Vulnerabilites related to Siemens - SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)
cve-2019-10923
Vulnerability from cvelistv5
Published
2019-10-10 13:49
Modified
2025-02-11 10:26
Severity ?
EPSS score ?
Summary
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:40:15.265Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.1.1 Patch 05", }, ], }, { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5.0 Patch 01", }, ], }, { defaultStatus: "unknown", product: "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.5.0", }, ], }, { defaultStatus: "unknown", product: "SCALANCE X-200IRT family (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V5.2.1", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1604", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.8", }, ], }, { defaultStatus: "unknown", product: "SIMATIC CP 1616", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2.8", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200M (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200MP IM 155-5 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-3 PN HF", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-4 PN HF", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-8 PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-8F PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200pro IM 154-8FX PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200S IM 151-8 PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200S IM 151-8F PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET 200SP IM 155-6 PN ST BA", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 4AO U/I 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200ecoPN: IO-Link Master", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC ET200S (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 314C-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 315-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 315F-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 315T-3 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 317-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 317F-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 317T-3 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 317TF-3 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 319-3 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-300 CPU 319F-3 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 CPU 412-2 PN V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 CPU 414-3 PN/DP V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 CPU 414F-3 PN/DP V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 CPU 416-3 PN/DP V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 CPU 416F-3 PN/DP V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinAC RTX 2010", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2010 SP3", }, ], }, { defaultStatus: "unknown", product: "SIMATIC WinAC RTX F 2010", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V2010 SP3", }, ], }, { defaultStatus: "unknown", product: "SIMOTION", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS DCM", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.5 HF1", }, ], }, { defaultStatus: "unknown", product: "SINAMICS DCP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V1.3", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G110M V4.7 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP10 HF5", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 SP10 HF5", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G130", vendor: "Siemens", versions: [ { lessThan: "V4.7 HF29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINAMICS G150", vendor: "Siemens", versions: [ { lessThan: "V4.7 HF29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINAMICS GH150 V4.7 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS GL150 V4.7 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS GM150 V4.7 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S110 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF34", }, ], }, { defaultStatus: "unknown", product: "SINAMICS S150", vendor: "Siemens", versions: [ { lessThan: "V4.7 HF29", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SINAMICS SL150 V4.7 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.7 HF33", }, ], }, { defaultStatus: "unknown", product: "SINAMICS SM120 V4.7 Control Unit", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 828D", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 SP5", }, ], }, { defaultStatus: "unknown", product: "SINUMERIK 840D sl", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V4.8 SP5", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200S IM 151-8 PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200S IM 151-8F PN/DP CPU", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.2.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST BA", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", vendor: "Siemens", versions: [ { lessThan: "V4.1.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-300 CPU 314C-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.3.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-300 CPU 315-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-300 CPU 315F-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-300 CPU 317-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-300 CPU 317F-2 PN/DP", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V3.2.17", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-400 CPU 414-3 PN/DP V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPLUS S7-400 CPU 416-3 PN/DP V7", vendor: "Siemens", versions: [ { lessThan: "V7.0.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-11T10:26:23.281Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-349422.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2019-10923", datePublished: "2019-10-10T13:49:24", dateReserved: "2019-04-08T00:00:00", dateUpdated: "2025-02-11T10:26:23.281Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }