CVE-2019-18336Uncontrolled Resource Consumption in Siemens Simatic S7-300 CPU 312 IFM Firmware

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 51.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
16
Siemens Simatic S7-300 CPU 312 IFM FirmwareSiemens Simatic S7-300 CPU 313 FirmwareSiemens Simatic S7-300 CPU 314 Firmware+13 more
Timeline
PublishedMar 10
Latest updateMay 24

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitati

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages16 packages

CVEListV5siemens_ag/sinumerik_840d_slAll versions < V4.8.6, All versions < V4.94+1
CVEListV5siemens_ag/simatic_tdc_cp51m1All versions < V1.1.8

🔴Vulnerability Details

2
GHSA
GHSA-q53p-vg4g-3rxp: A vulnerability has been identified in SIMATIC S7-300 CPU family (incl2022-05-24
CVEList
CVE-2019-18336: A vulnerability has been identified in SIMATIC S7-300 CPU family (incl2020-03-10
CVE-2019-18336 — Uncontrolled Resource Consumption | cvebase