CVE-2019-10923

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

104

Siemens Simatic ET 200mp IM 155-5 PN HF Siemens Simatic ET 200mp IM 155-5 PN ST Siemens Simatic ET 200pro IM 154-3 PN HF +101 more

Timeline

PublishedOct 10

Latest updateMay 24

Description

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages105 packages

▶CVEListV5siemens/sinamics_g130< V4.7 HF29

▶CVEListV5siemens/sinamics_g150< V4.7 HF29

▶CVEListV5siemens/sinamics_s150< V4.7 HF29

▶NVDsiemens/sinumerik_828d< 4.8+1

▶NVDsiemens/cp1604_firmware< 2.8

🔴Vulnerability Details

GHSA

GHSA-gm9h-7xvc-jg2f: A vulnerability has been identified in CP1604 (All versions < V2↗2022-05-24

▶

CVEList

CVE-2019-10923: An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the↗2019-10-10

▶