CVE-2019-13921Insufficient Resource Pool in AG Simatic Winac RTX 2010

CWE-410Insufficient Resource PoolCWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 36.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Siemens AG Simatic Winac RTX 2010Siemens Simatic Winac RTX 2010
Timeline
PublishedOct 10
Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and n

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5siemens_ag/simatic_winac_rtx_2010All versions < SP3 Update 1

🔴Vulnerability Details

2
GHSA
GHSA-rf96-4cxg-vq3q: A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions)2022-05-24
CVEList
CVE-2019-13921: A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1)2019-10-10
CVE-2019-13921 — Insufficient Resource Pool | cvebase