Vulnerability Details : CVE-2019-10923
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
Vulnerability category: Denial of service
Products affected by CVE-2019-10923
- cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:p4:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_dcm_firmware:1.5:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:cp1604_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:cp1616_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ek-ertec_200_firmware:4.5.0:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_pn\/pn_coupler_6es7158-3ad01-0xa0_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_v6_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_pn_v7_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-400_dp_v7_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g120_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_g120_firmware:4.7:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_s110_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_sl150_firmware:4.7:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_828d:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_828d:4.8:sp2:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_828d:4.8:sp4:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_828d:4.8:-:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_828d:4.8:sp1:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_828d:4.8:sp3:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinumerik_840d_sl:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:-:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:sp1:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-10923
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-10923
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
Siemens AG |
CWE ids for CVE-2019-10923
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by:
- nvd@nist.gov (Secondary)
- productcert@siemens.com (Primary)
References for CVE-2019-10923
Jump to