CVE-2019-10923 vulnerability in Siemens Products
Published on October 10, 2019

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

NVD

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2019-10923 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2019-10923

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10923 are published in these products:

Siemens Sinumerik 828d

Siemens Sinumerik 840d Sl

Affected Versions

Siemens Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller:

Version All versions < V4.1.1 Patch 05 is affected.

Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200:

Version All versions < V4.5.0 Patch 01 is affected.

Siemens Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P:

Version All versions < V4.5.0 is affected.

Siemens SCALANCE X-200IRT family (incl. SIPLUS NET variants):

Version All versions < V5.2.1 is affected.

Siemens SIMATIC CP 1604:

Version All versions < V2.8 is affected.

Siemens SIMATIC CP 1616:

Version All versions < V2.8 is affected.

Siemens SIMATIC ET 200M (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC ET 200MP IM 155-5 PN HF:

Before V4.2.0 is affected.

Siemens SIMATIC ET 200MP IM 155-5 PN ST:

Before V4.1.0 is affected.

Siemens SIMATIC ET 200pro IM 154-3 PN HF:

Before * is affected.

Siemens SIMATIC ET 200pro IM 154-4 PN HF:

Before * is affected.

Siemens SIMATIC ET 200pro IM 154-8 PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC ET 200pro IM 154-8F PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC ET 200pro IM 154-8FX PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC ET 200S IM 151-8 PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC ET 200S IM 151-8F PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN HF:

Before V4.2.0 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN ST:

Before V4.1.0 is affected.

Siemens SIMATIC ET 200SP IM 155-6 PN ST BA:

Before V4.1.0 is affected.

Siemens SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 4AO U/I 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12:

Version All versions is affected.

Siemens SIMATIC ET200ecoPN: IO-Link Master:

Version All versions is affected.

Siemens SIMATIC ET200S (incl. SIPLUS variants):

Version All versions is affected.

Siemens SIMATIC PN/PN Coupler (incl. SIPLUS NET variants):

Version All versions is affected.

Siemens SIMATIC S7-300 CPU 314C-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 315-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 315F-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 315T-3 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 317-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 317F-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 317T-3 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 317TF-3 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 319-3 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-300 CPU 319F-3 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIMATIC S7-400 CPU 412-2 PN V7:

Before V7.0.3 is affected.

Siemens SIMATIC S7-400 CPU 414-3 PN/DP V7:

Before V7.0.3 is affected.

Siemens SIMATIC S7-400 CPU 414F-3 PN/DP V7:

Before V7.0.3 is affected.

Siemens SIMATIC S7-400 CPU 416-3 PN/DP V7:

Before V7.0.3 is affected.

Siemens SIMATIC S7-400 CPU 416F-3 PN/DP V7:

Before V7.0.3 is affected.

Siemens SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants):

Before * is affected.

Siemens SIMATIC WinAC RTX 2010:

Version All versions < V2010 SP3 is affected.

Siemens SIMATIC WinAC RTX F 2010:

Version All versions < V2010 SP3 is affected.

Siemens SIMOTION:

Version All versions is affected.

Siemens SINAMICS DCM:

Version All versions < V1.5 HF1 is affected.

Siemens SINAMICS DCP:

Version All versions < V1.3 is affected.

Siemens SINAMICS G110M V4.7 Control Unit:

Version All versions < V4.7 SP10 HF5 is affected.

Siemens SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants):

Version All versions < V4.7 SP10 HF5 is affected.

Siemens SINAMICS G130:

Before V4.7 HF29 is affected.

Siemens SINAMICS G150:

Before V4.7 HF29 is affected.

Siemens SINAMICS GH150 V4.7 Control Unit:

Version All versions is affected.

Siemens SINAMICS GL150 V4.7 Control Unit:

Version All versions is affected.

Siemens SINAMICS GM150 V4.7 Control Unit:

Version All versions is affected.

Siemens SINAMICS S110 Control Unit:

Version All versions is affected.

Siemens SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants):

Version All versions < V4.7 HF34 is affected.

Siemens SINAMICS S150:

Before V4.7 HF29 is affected.

Siemens SINAMICS SL150 V4.7 Control Unit:

Version All versions < V4.7 HF33 is affected.

Siemens SINAMICS SM120 V4.7 Control Unit:

Version All versions is affected.

Siemens SINUMERIK 828D:

Version All versions < V4.8 SP5 is affected.

Siemens SINUMERIK 840D sl:

Version All versions < V4.8 SP5 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN ST:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200MP IM 155-5 PN ST TX RAIL:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200S IM 151-8 PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIPLUS ET 200S IM 151-8F PN/DP CPU:

Version All versions < V3.2.17 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL:

Before V4.2.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST BA:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL:

Before V4.1.0 is affected.

Siemens SIPLUS ET 200SP IM 155-6 PN ST TX RAIL:

Before V4.1.0 is affected.

Siemens SIPLUS S7-300 CPU 314C-2 PN/DP:

Version All versions < V3.3.17 is affected.

Siemens SIPLUS S7-300 CPU 315-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIPLUS S7-300 CPU 315F-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIPLUS S7-300 CPU 317-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIPLUS S7-300 CPU 317F-2 PN/DP:

Version All versions < V3.2.17 is affected.

Siemens SIPLUS S7-400 CPU 414-3 PN/DP V7:

Before V7.0.3 is affected.

Siemens SIPLUS S7-400 CPU 416-3 PN/DP V7:

Before V7.0.3 is affected.

Exploit Probability

EPSS

0.47%

Percentile

64.06%