CVE-2019-10953

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 17-04-2019 05:29

Last modified: - 31-01-2022 09:48

Total changes: - 4

Description

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

AND

vendor=abb AND product=pm554-tp-eth_firmware AND version=-

vendor=abb AND product=pm554-tp-eth AND version=-

AND

vendor=phoenixcontact AND product=ilc_151_eth_firmware AND version=-

vendor=phoenixcontact AND product=ilc_151_eth AND version=-

AND

vendor=schneider-electric AND product=modicon_m221_firmware AND versionEndExcluding=1.10.0.0

vendor=schneider-electric AND product=modicon_m221 AND version=-

AND

vendor=siemens AND product=6es7211-1ae40-0xb0_firmware AND version=-

vendor=siemens AND product=6es7211-1ae40-0xb0 AND version=-

AND

vendor=siemens AND product=6es7314-6eh04-0ab0_firmware AND version=-

vendor=siemens AND product=6es7314-6eh04-0ab0 AND version=-

AND

vendor=siemens AND product=6ed1052-1cc01-0ba8_firmware AND version=-

vendor=siemens AND product=6ed1052-1cc01-0ba8 AND version=-

AND

vendor=wago AND product=knx_ip_firmware AND version=-

vendor=wago AND product=knx_ip AND version=-

AND

vendor=wago AND product=pfc100_firmware AND version=-

vendor=wago AND product=pfc100 AND version=-

AND

vendor=wago AND product=ethernet_firmware AND version=-

vendor=wago AND product=ethernet AND version=-

AND

vendor=wago AND product=bacnet\/ip_firmware AND version=-

vendor=wago AND product=bacnet\/ip AND version=-

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03
108413-Third Party Advisory, VDB Entry

Keywords

CVE-2019-10953

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-10953

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures