CVE-2019-13946 — Uncontrolled Resource Consumption in Siemens Development Evaluation Kits FOR Profinet IO DK Standard Ethernet Controller
Severity
7.5HIGHNVD
GHSA5.9
EPSS
0.6%
top 31.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 11
Latest updateMay 24
Description
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user interaction.…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages149 packages
🔴Vulnerability Details
3GHSA▶
GHSA-8fqx-3qjr-87gw: A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evalua↗2022-05-24
📋Vendor Advisories
1Red Hat▶
cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface↗2020-09-01
💬Community
1Bugzilla▶
CVE-2020-13946 cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface↗2020-09-04