Vulnerability-Lookup

BDU:2019-04211

Vulnerability from fstec - Published: 08.10.2019

Title

Уязвимость программно-аппаратных средств Siemens, связанная с возможностью нарушения синхронизации времени (IRT), позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость программно-аппаратных средств Siemens связана с возможностью нарушения синхронизации времени (IRT). Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Siemens AG

Software Name

SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200pro, SIMATIC ET 200S, SINUMERIK 840D sl, Development/Evaluation Kits for PROFINET IO DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO EK-ERTEC 200P, SINAMICS S120, SIMATIC S7-400 PN/DP V7 включая F, CP1604, CP1616, Development/Evaluation Kits for PROFINET IO EK-ERTEC 200, SCALANCE X-200 IRT, SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0, SIMATIC S7-300 CPU family, SIMATIC S7-400 включая F, SIMATIC WinAC RTX 2010 incl. F, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M, SINAMICS G120, SINAMICS G130, SINAMICS G150, SINAMICS GH150, SINAMICS GL150, SINAMICS GM150, SINAMICS S110, SINAMICS S150, SINAMICS SL150, SINAMICS SM120, SINUMERIK 828D

Software Version

- (SIMATIC ET 200ecoPN), - (SIMATIC ET 200M), - (SIMATIC ET 200pro), - (SIMATIC ET 200S), - (SINUMERIK 840D sl), до 4.1.1 Patch 05 (Development/Evaluation Kits for PROFINET IO DK Standard Ethernet Controller), до 4.5 (Development/Evaluation Kits for PROFINET IO EK-ERTEC 200P), 4.7 (SINAMICS S120), - (SIMATIC S7-400 PN/DP V7 включая F), до 2.8 (CP1604), до 2.8 (CP1616), до V4.5.0 патч 01 (Development/Evaluation Kits for PROFINET IO EK-ERTEC 200), до V5.2.1 (SCALANCE X-200 IRT), - (SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0), - (SIMATIC S7-300 CPU family), до V6 включительно (SIMATIC S7-400 включая F), до SP3 (SIMATIC WinAC RTX 2010 incl. F), - (SIMOTION), до V1.5 HF1 (SINAMICS DCM), - (SINAMICS DCP), от V4.7 до V4.7 SP10 HF5 (SINAMICS G110M), от V4.7 до V4.7 SP10 HF5 (SINAMICS G120), от V4.7 до V4.7 HF29 (SINAMICS G130), до V4.8 (SINAMICS G150), V4.7 (SINAMICS GH150), V4.7 (SINAMICS GL150), V4.7 (SINAMICS GM150), - (SINAMICS S110), до V4.8 (SINAMICS S150), V4.7 (SINAMICS SL150), V4.7 (SINAMICS SM120), до V4.8 SP5 (SINUMERIK 828D)

Possible Mitigations

Обновление программного обеспечения: Для CP1604 или CP1616 до V2.8: https://support.industry.siemens.com/cs/ww/en/view/109762689 Для Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller до V4.1.1 патч 05: https://support.industry.siemens.com/cs/ww/en/view/109755160 Для Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 до V4.5.0 патч 01: https://support.industry.siemens.com/cs/ww/en/view/109760397 Для Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P до V4.5.0: https://support.industry.siemens.com/cs/ww/en/view/109750012 Для SCALANCE X-200IRT до V5.4.2: https://support.industry.siemens.com/cs/ww/en/view/109763309 Для SIMATIC WinAC RTX (F) 2010 до SIMATIC WinAC RTX 2010 SP3: https://support.industry.siemens.com/cs/ww/en/view/109765109 Для SINAMICS DCM до V1.5 HF1: https://support.industry.siemens.com/cs/us/en/view/44029688 Для SINAMICS G110M или G120 V4.7 до V4.7 SP10 HF5: https://support.industry.siemens.com/cs/us/en/view/109756820 Для SINAMICS G130 V4.7 до V4.7 HF29 или V5.2 HF2: https://support.industry.siemens.com/cs/ww/en/view/103433117/ Для SINAMICS S120 V4.7 до V4.7 HF34 или V5.2 HF2: https://support.industry.siemens.com/cs/us/en/view/92522512 Для SINUMERIK 828D до V4.8 SP5: Свяжитесь со службой поддержки Siemens Для SINAMICS GH150, GL150 и GM150 V4.7 до V4.8 SP2 HF9: Свяжитесь со службой поддержки Siemens Компенсирующие меры: Ограничение доступа к порту 161/TCP Отключить SNMP V1 или 2c Включить SNMP V3 Включить защиту доступа и изменить учетные данные по умолчанию для службы SNMP

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-10923 https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf https://www.us-cert.gov/ics/advisories/icsa-19-283-01

CWE

CWE-20, CWE-400

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SIMATIC ET 200ecoPN), - (SIMATIC ET 200M), - (SIMATIC ET 200pro), - (SIMATIC ET 200S), - (SINUMERIK 840D sl), \u0434\u043e 4.1.1 Patch 05 (Development/Evaluation Kits for PROFINET IO DK Standard Ethernet Controller), \u0434\u043e 4.5 (Development/Evaluation Kits for PROFINET IO EK-ERTEC 200P), 4.7 (SINAMICS S120), - (SIMATIC S7-400 PN/DP V7 \u0432\u043a\u043b\u044e\u0447\u0430\u044f F), \u0434\u043e 2.8 (CP1604), \u0434\u043e 2.8 (CP1616), \u0434\u043e V4.5.0 \u043f\u0430\u0442\u0447 01 (Development/Evaluation Kits for PROFINET IO EK-ERTEC 200), \u0434\u043e V5.2.1 (SCALANCE X-200 IRT), - (SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0), - (SIMATIC S7-300 CPU family), \u0434\u043e V6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (SIMATIC S7-400 \u0432\u043a\u043b\u044e\u0447\u0430\u044f F), \u0434\u043e SP3 (SIMATIC WinAC RTX 2010 incl. F), - (SIMOTION), \u0434\u043e V1.5 HF1 (SINAMICS DCM), - (SINAMICS DCP), \u043e\u0442 V4.7 \u0434\u043e V4.7 SP10 HF5 (SINAMICS G110M), \u043e\u0442 V4.7 \u0434\u043e V4.7 SP10 HF5 (SINAMICS G120), \u043e\u0442 V4.7 \u0434\u043e V4.7 HF29 (SINAMICS G130), \u0434\u043e V4.8 (SINAMICS G150), V4.7 (SINAMICS GH150), V4.7 (SINAMICS GL150), V4.7 (SINAMICS GM150), - (SINAMICS S110), \u0434\u043e V4.8 (SINAMICS S150), V4.7 (SINAMICS SL150), V4.7 (SINAMICS SM120), \u0434\u043e V4.8 SP5 (SINUMERIK 828D)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f: \n\u0414\u043b\u044f CP1604 \u0438\u043b\u0438 CP1616  \u0434\u043e V2.8:\nhttps://support.industry.siemens.com/cs/ww/en/view/109762689\n\n\u0414\u043b\u044f Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller \u0434\u043e V4.1.1 \u043f\u0430\u0442\u0447 05:\nhttps://support.industry.siemens.com/cs/ww/en/view/109755160\n\n\u0414\u043b\u044f Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 \u0434\u043e V4.5.0 \u043f\u0430\u0442\u0447 01:\nhttps://support.industry.siemens.com/cs/ww/en/view/109760397\n\n\u0414\u043b\u044f Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P \u0434\u043e V4.5.0:\nhttps://support.industry.siemens.com/cs/ww/en/view/109750012\n\n\u0414\u043b\u044f SCALANCE X-200IRT \u0434\u043e V5.4.2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109763309\n\n\u0414\u043b\u044f SIMATIC WinAC RTX (F) 2010 \u0434\u043e SIMATIC WinAC RTX 2010 SP3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109765109\n\n\u0414\u043b\u044f SINAMICS DCM \u0434\u043e V1.5 HF1:\nhttps://support.industry.siemens.com/cs/us/en/view/44029688\n\n\u0414\u043b\u044f SINAMICS G110M \u0438\u043b\u0438 G120  V4.7 \u0434\u043e V4.7 SP10 HF5:\nhttps://support.industry.siemens.com/cs/us/en/view/109756820\n\n\u0414\u043b\u044f SINAMICS G130 V4.7 \u0434\u043e V4.7 HF29 \u0438\u043b\u0438 V5.2 HF2:\nhttps://support.industry.siemens.com/cs/ww/en/view/103433117/\n\n\u0414\u043b\u044f SINAMICS S120 V4.7 \u0434\u043e V4.7 HF34 \u0438\u043b\u0438 V5.2 HF2:\nhttps://support.industry.siemens.com/cs/us/en/view/92522512\n\n\u0414\u043b\u044f SINUMERIK 828D \u0434\u043e V4.8 SP5:\n\u0421\u0432\u044f\u0436\u0438\u0442\u0435\u0441\u044c \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Siemens\n\n\u0414\u043b\u044f SINAMICS GH150, GL150 \u0438 GM150 V4.7 \u0434\u043e V4.8 SP2 HF9:\n\u0421\u0432\u044f\u0436\u0438\u0442\u0435\u0441\u044c \u0441\u043e \u0441\u043b\u0443\u0436\u0431\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Siemens\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u043e\u0440\u0442\u0443 161/TCP\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c SNMP V1 \u0438\u043b\u0438 2c\n\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c SNMP V3\n\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0438 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0434\u043b\u044f \u0441\u043b\u0443\u0436\u0431\u044b SNMP",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.10.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.11.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04211",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-10923",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SIMATIC ET 200ecoPN, SIMATIC ET 200M, SIMATIC ET 200pro, SIMATIC ET 200S, SINUMERIK 840D sl, Development/Evaluation Kits for PROFINET IO DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO EK-ERTEC 200P, SINAMICS S120, SIMATIC S7-400 PN/DP V7 \u0432\u043a\u043b\u044e\u0447\u0430\u044f F, CP1604, CP1616, Development/Evaluation Kits for PROFINET IO EK-ERTEC 200, SCALANCE X-200 IRT, SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0, SIMATIC S7-300 CPU family, SIMATIC S7-400 \u0432\u043a\u043b\u044e\u0447\u0430\u044f F, SIMATIC WinAC RTX 2010 incl. F, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M, SINAMICS G120, SINAMICS G130, SINAMICS G150, SINAMICS GH150, SINAMICS GL150, SINAMICS GM150, SINAMICS S110, SINAMICS S150, SINAMICS SL150, SINAMICS SM120, SINUMERIK 828D",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Siemens, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 (IRT), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 Siemens \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u043d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u044f \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432\u0440\u0435\u043c\u0435\u043d\u0438 (IRT). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-10923\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf\nhttps://www.us-cert.gov/ics/advisories/icsa-19-283-01",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0410\u0421\u0423 \u0422\u041f",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-400",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2019-10923 (GCVE-0-2019-10923)

Vulnerability from cvelistv5 – Published: 2019-10-10 13:49 – Updated: 2025-02-11 10:26

Summary

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…
	https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller

Affected: All versions < V4.1.1 Patch 05

Siemens	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200	Affected: All versions < V4.5.0 Patch 01
Siemens	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P	Affected: All versions < V4.5.0
Siemens	SCALANCE X-200IRT family (incl. SIPLUS NET variants)	Affected: All versions < V5.2.1
Siemens	SIMATIC CP 1604	Affected: All versions < V2.8
Siemens	SIMATIC CP 1616	Affected: All versions < V2.8
Siemens	SIMATIC ET 200M (incl. SIPLUS variants)	Affected: All versions
Siemens	SIMATIC ET 200MP IM 155-5 PN HF	Affected: 0 , < V4.2.0 (custom)
Siemens	SIMATIC ET 200MP IM 155-5 PN ST	Affected: 0 , < V4.1.0 (custom)
Siemens	SIMATIC ET 200pro IM 154-3 PN HF	Affected: 0 , < * (custom)
Siemens	SIMATIC ET 200pro IM 154-4 PN HF	Affected: 0 , < * (custom)
Siemens	SIMATIC ET 200pro IM 154-8 PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIMATIC ET 200pro IM 154-8F PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIMATIC ET 200pro IM 154-8FX PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIMATIC ET 200S IM 151-8 PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIMATIC ET 200S IM 151-8F PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIMATIC ET 200SP IM 155-6 PN HF	Affected: 0 , < V4.2.0 (custom)
Siemens	SIMATIC ET 200SP IM 155-6 PN ST	Affected: 0 , < V4.1.0 (custom)
Siemens	SIMATIC ET 200SP IM 155-6 PN ST BA	Affected: 0 , < V4.1.0 (custom)
Siemens	SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 4AO U/I 4xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12	Affected: All versions
Siemens	SIMATIC ET200ecoPN: IO-Link Master	Affected: All versions
Siemens	SIMATIC ET200S (incl. SIPLUS variants)	Affected: All versions
Siemens	SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)	Affected: All versions
Siemens	SIMATIC S7-300 CPU 314C-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 315-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 315F-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 315T-3 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 317-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 317F-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 317T-3 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 317TF-3 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 319-3 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-300 CPU 319F-3 PN/DP	Affected: All versions < V3.2.17
Siemens	SIMATIC S7-400 CPU 412-2 PN V7	Affected: 0 , < V7.0.3 (custom)
Siemens	SIMATIC S7-400 CPU 414-3 PN/DP V7	Affected: 0 , < V7.0.3 (custom)
Siemens	SIMATIC S7-400 CPU 414F-3 PN/DP V7	Affected: 0 , < V7.0.3 (custom)
Siemens	SIMATIC S7-400 CPU 416-3 PN/DP V7	Affected: 0 , < V7.0.3 (custom)
Siemens	SIMATIC S7-400 CPU 416F-3 PN/DP V7	Affected: 0 , < V7.0.3 (custom)
Siemens	SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)	Affected: 0 , < * (custom)
Siemens	SIMATIC WinAC RTX 2010	Affected: All versions < V2010 SP3
Siemens	SIMATIC WinAC RTX F 2010	Affected: All versions < V2010 SP3
Siemens	SIMOTION	Affected: All versions
Siemens	SINAMICS DCM	Affected: All versions < V1.5 HF1
Siemens	SINAMICS DCP	Affected: All versions < V1.3
Siemens	SINAMICS G110M V4.7 Control Unit	Affected: All versions < V4.7 SP10 HF5
Siemens	SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)	Affected: All versions < V4.7 SP10 HF5
Siemens	SINAMICS G130	Affected: 0 , < V4.7 HF29 (custom)
Siemens	SINAMICS G150	Affected: 0 , < V4.7 HF29 (custom)
Siemens	SINAMICS GH150 V4.7 Control Unit	Affected: All versions
Siemens	SINAMICS GL150 V4.7 Control Unit	Affected: All versions
Siemens	SINAMICS GM150 V4.7 Control Unit	Affected: All versions
Siemens	SINAMICS S110 Control Unit	Affected: All versions
Siemens	SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)	Affected: All versions < V4.7 HF34
Siemens	SINAMICS S150	Affected: 0 , < V4.7 HF29 (custom)
Siemens	SINAMICS SL150 V4.7 Control Unit	Affected: All versions < V4.7 HF33
Siemens	SINAMICS SM120 V4.7 Control Unit	Affected: All versions
Siemens	SINUMERIK 828D	Affected: All versions < V4.8 SP5
Siemens	SINUMERIK 840D sl	Affected: All versions < V4.8 SP5
Siemens	SIPLUS ET 200MP IM 155-5 PN HF	Affected: 0 , < V4.2.0 (custom)
Siemens	SIPLUS ET 200MP IM 155-5 PN HF	Affected: 0 , < V4.2.0 (custom)
Siemens	SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL	Affected: 0 , < V4.2.0 (custom)
Siemens	SIPLUS ET 200MP IM 155-5 PN ST	Affected: 0 , < V4.1.0 (custom)
Siemens	SIPLUS ET 200MP IM 155-5 PN ST TX RAIL	Affected: 0 , < V4.1.0 (custom)
Siemens	SIPLUS ET 200S IM 151-8 PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIPLUS ET 200S IM 151-8F PN/DP CPU	Affected: All versions < V3.2.17
Siemens	SIPLUS ET 200SP IM 155-6 PN HF	Affected: 0 , < V4.2.0 (custom)
Siemens	SIPLUS ET 200SP IM 155-6 PN HF	Affected: 0 , < V4.2.0 (custom)
Siemens	SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL	Affected: 0 , < V4.2.0 (custom)
Siemens	SIPLUS ET 200SP IM 155-6 PN ST	Affected: 0 , < V4.1.0 (custom)
Siemens	SIPLUS ET 200SP IM 155-6 PN ST BA	Affected: 0 , < V4.1.0 (custom)
Siemens	SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL	Affected: 0 , < V4.1.0 (custom)
Siemens	SIPLUS ET 200SP IM 155-6 PN ST TX RAIL	Affected: 0 , < V4.1.0 (custom)
Siemens	SIPLUS S7-300 CPU 314C-2 PN/DP	Affected: All versions < V3.3.17
Siemens	SIPLUS S7-300 CPU 315-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIPLUS S7-300 CPU 315F-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIPLUS S7-300 CPU 317-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIPLUS S7-300 CPU 317F-2 PN/DP	Affected: All versions < V3.2.17
Siemens	SIPLUS S7-400 CPU 414-3 PN/DP V7	Affected: 0 , < V7.0.3 (custom)
Siemens	SIPLUS S7-400 CPU 416-3 PN/DP V7	Affected: 0 , < V7.0.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.1 Patch 05"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5.0 Patch 01"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE X-200IRT family (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1604",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC CP 1616",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200M (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-3 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-4 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200pro IM 154-8FX PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM 151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200S IM 151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200ecoPN: IO-Link Master",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET200S (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 315T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-300 CPU 319F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 412-2 PN V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 414F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 CPU 416F-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC WinAC RTX F 2010",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2010 SP3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTION",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5 HF1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS DCP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G110M V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP10 HF5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 SP10 HF5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G130",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.7 HF29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS G150",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.7 HF29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GH150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GL150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS GM150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S110 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF34"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS S150",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.7 HF29",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SL150 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.7 HF33"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINAMICS SM120 V4.7 Control Unit",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 828D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SINUMERIK 840D sl",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.8 SP5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM 151-8 PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200S IM 151-8F PN/DP CPU",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 314C-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.3.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 315F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-300 CPU 317F-2 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.2.17"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 414-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-400 CPU 416-3 PN/DP V7",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T10:26:23.281Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-10923",
    "datePublished": "2019-10-10T13:49:24.000Z",
    "dateReserved": "2019-04-08T00:00:00.000Z",
    "dateUpdated": "2025-02-11T10:26:23.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-04211

CVE-2019-10923 (GCVE-0-2019-10923)

Tags

Sightings

Nomenclature