CVE-2019-10923

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:cp1604_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp1604:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:cp1616_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:cp1616:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*
cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:p4:*:*:*:*:*:*
cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ek-ertec_200_firmware:4.5.0:-:*:*:*:*:*:*
cpe:2.3:h:siemens:ek-ertec_200:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ek-ertec_200p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:simatic_pn\/pn_coupler_6es7158-3ad01-0xa0_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_pn\/pn_coupler_6es7158-3ad01-0xa0:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-400_v6_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_v6:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-400_pn_v7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_pn_v7:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-400_dp_v7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-400_dp_v7:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
OR cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:-:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:sp1:*:*:*:*:*:*
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:sp2:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_winac_rtx_\(f\):-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_dcm_firmware:1.5:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_g120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_g120_firmware:4.7:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_g120:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:siemens:sinamics_s110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s110:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
OR cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:sinamics_sl150_firmware:4.7:-:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*

Configuration 39 (hide)

OR cpe:2.3:a:siemens:sinumerik_828d:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_828d:4.8:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp3:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp4:*:*:*:*:*:*

Configuration 40 (hide)

cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:20

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf - Vendor Advisory

10 Sep 2024, 10:15

Type Values Removed Values Added
Summary (en) A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. (en) An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
References
  • () https://cert-portal.siemens.com/productcert/html/ssa-349422.html -

Information

Published : 2019-10-10 14:15

Updated : 2024-11-21 04:20


NVD link : CVE-2019-10923

Mitre link : CVE-2019-10923

CVE.ORG link : CVE-2019-10923


JSON object : View

Products Affected

siemens

  • sinamics_gm150_firmware
  • sinamics_sm120_firmware
  • sinamics_g110m
  • sinamics_gl150
  • simatic_s7-300_cpu_318-2_firmware
  • scalance_x-200irt_firmware
  • simatic_s7-400_pn_v7_firmware
  • sinamics_s120
  • sinumerik_828d
  • simatic_s7-300_cpu_315_firmware
  • simatic_s7-400_v6
  • simatic_s7-300_cpu_315
  • sinamics_s110_firmware
  • simatic_s7-300_cpu_313
  • simatic_et_200s
  • ek-ertec_200
  • sinamics_dcm_firmware
  • sinamics_g150_firmware
  • simatic_s7-400_pn_v7
  • sinamics_g150
  • cp1616
  • sinumerik_840d_sl
  • simatic_et_200m
  • simatic_s7-300_cpu_314
  • simotion
  • simatic_et_200m_firmware
  • simatic_winac_rtx_\(f\)
  • sinamics_s120_firmware
  • sinamics_g130_firmware
  • simatic_s7-300_cpu_firmware
  • simatic_s7-300_cpu_313_firmware
  • simatic_s7-400_v6_firmware
  • simatic_pn\/pn_coupler_6es7158-3ad01-0xa0
  • sinamics_dcp
  • sinamics_g120
  • sinamics_s150
  • simatic_s7-300_cpu_316-2_dp
  • simatic_winac_rtx_\(f\)_firmware
  • simatic_s7-300_cpu_315-2_dp
  • sinamics_gh150_firmware
  • sinamics_g130
  • cp1604_firmware
  • dk_standard_ethernet_controller_firmware
  • sinamics_g110m_firmware
  • cp1604
  • simatic_s7-400_dp_v7
  • simatic_s7-300_cpu_314_ifm
  • simatic_pn\/pn_coupler_6es7158-3ad01-0xa0_firmware
  • simatic_et_200ecopn
  • ek-ertec_200p
  • simatic_s7-300_cpu_314_firmware
  • sinamics_gm150
  • simatic_s7-300_cpu_312_ifm
  • simatic_s7-300_cpu_318-2
  • simatic_et_200s_firmware
  • sinamics_dcp_firmware
  • scalance_x-200irt
  • simotion_firmware
  • simatic_s7-300_cpu_312_ifm_firmware
  • simatic_s7-300_cpu_316-2_dp_firmware
  • simatic_s7-300_cpu_314_ifm_firmware
  • sinamics_sm120
  • sinamics_sl150
  • sinamics_sl150_firmware
  • simatic_s7-300_cpu
  • sinamics_gh150
  • simatic_et_200ecopn_firmware
  • simatic_s7-300_cpu_315-2_dp_firmware
  • sinamics_gl150_firmware
  • sinamics_g120_firmware
  • dk_standard_ethernet_controller
  • simatic_s7-400_dp_v7_firmware
  • sinamics_dcm
  • cp1616_firmware
  • ek-ertec_200_firmware
  • sinamics_s150_firmware
  • sinamics_s110
  • ek-ertec_200p_firmware
CWE
CWE-400

Uncontrolled Resource Consumption