cbcvebase.
CVE-2019-13946
published 2020-02-11


High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.

Affected

149 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | development_evaluation_kits_for_profinet_io_dk_standard_ethernet_controller | < * | * |
| siemens | development_evaluation_kits_for_profinet_io_ek-ertec_200 | | |
| siemens | development_evaluation_kits_for_profinet_io_ek-ertec_200p | | |
| siemens | ek-ertec_200_firmware | < 4.5 | 4.5 |
| siemens | ek-ertec_200p_firmware | < 4.6 | 4.6 |
| siemens | profinet_driver | < 2.1 | 2.1 |
| siemens | profinet_driver_for_controller | | |
| siemens | ruggedcom_rm1224_family | | |
| siemens | ruggedcom_rm1224_firmware | < 4.3 | 4.3 |
| siemens | scalance_m-800_firmware | < 4.3 | 4.3 |
| siemens | scalance_m804pb | | |
| siemens | scalance_m812-1_adsl-router | | |
| siemens | scalance_m816-1_adsl-router | | |
| siemens | scalance_m826-2_shdsl-router | | |
| siemens | scalance_m874-2 | | |
| siemens | scalance_m874-3 | | |
| siemens | scalance_m876-3 | | |
| siemens | scalance_m876-4 | | |
| siemens | scalance_s615_firmware | < 4.3 | 4.3 |
| siemens | scalance_s615_lan-router | | |
| siemens | scalance_w-700_ieee_802.11n_family | | |
| siemens | scalance_w700_ieee_802.11n_firmware | <= 6.0.1 | |
| siemens | scalance_x-200irt_firmware | < 5.3 | 5.3 |
| siemens | scalance_x-400_firmware | < 6.0 | 6.0 |
| siemens | scalance_x200-4p_irt | | |

CVSS provenance

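| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | | 5.9 | MEDIUM | |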