CVE-2019-18336

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC TDC CP51M1 (All versions < V1.1.8), SIMATIC TDC CPU555 (All versions < V1.1.1), SINUMERIK 840D sl (All versions < V4.8.6), SINUMERIK 840D sl (All versions < V4.94). Specially crafted packets sent to port 102/tcp (Profinet) could cause the affected device to go into defect mode. A restart is required in order to recover the system. Successful exploitation requires an attacker to have network access to port 102/tcp, with no authentication. No user interation is required. At the time of advisory publication no public exploitation of this security vulnerability was known.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:33

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-508982.pdf - Vendor Advisory

Information

Published : 2020-03-10 20:15

Updated : 2024-11-21 04:33


NVD link : CVE-2019-18336

Mitre link : CVE-2019-18336

CVE.ORG link : CVE-2019-18336


JSON object : View

Products Affected

siemens

  • sinumerik_840d_sl
  • simatic_tdc_cp51m1
  • simatic_s7-300_cpu_314
  • simatic_s7-300_cpu_312_ifm_firmware
  • simatic_s7-300_cpu_316-2_dp_firmware
  • simatic_s7-300_cpu_318-2_firmware
  • simatic_s7-300_cpu_314_ifm_firmware
  • simatic_s7-300_cpu_314_ifm
  • simatic_tdc_cpu555
  • simatic_s7-300_cpu
  • simatic_s7-300_cpu_315_firmware
  • simatic_s7-300_cpu_315
  • simatic_s7-300_cpu_firmware
  • simatic_s7-300_cpu_313_firmware
  • simatic_s7-300_cpu_315-2_dp_firmware
  • simatic_s7-300_cpu_314_firmware
  • simatic_tdc_cp51m1_firmware
  • simatic_s7-300_cpu_312_ifm
  • simatic_tdc_cpu555_firmware
  • simatic_s7-300_cpu_313
  • simatic_s7-300_cpu_318-2
  • simatic_s7-300_cpu_316-2_dp
  • simatic_s7-300_cpu_315-2_dp
CWE
CWE-400

Uncontrolled Resource Consumption