CVE-2019-13940 — Uncontrolled Resource Consumption in Siemens S7-1200 CPU 1211c Firmware

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

7.5HIGHNVD

CNA5.3

EPSS

0.6%

top 30.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens S7-1200 CPU 1211c Firmware Siemens S7-1200 CPU 1212c Firmware Siemens S7-1200 CPU 1212fc Firmware +37 more

Timeline

PublishedFeb 11

Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.X.17), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.X.17), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.1), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.X.17), SIMATIC S7-300 CPU …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages40 packages

▶CVEListV5siemens/simatic_et_200s_im151-8_pn_dp_cpuAll versions < V3.X.17

▶CVEListV5siemens/simatic_et_200s_im151-8f_pn_dp_cpuAll versions < V3.X.17

▶CVEListV5siemens/simatic_et_200pro_im154-8_pn_dp_cpuAll versions < V3.X.17

▶CVEListV5siemens/simatic_et_200pro_im154-8f_pn_dp_cpuAll versions < V3.X.17

▶CVEListV5siemens/simatic_et_200pro_im154-8fx_pn_dp_cpuAll versions < V3.X.17

🔴Vulnerability Details

GHSA

GHSA-2w4m-xhc4-2cxx: A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl↗2022-05-24

▶

CVEList

CVE-2019-13940: A vulnerability has been identified in SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3↗2020-02-11

▶