Vulnerability Details : CVE-2019-13946
Profinet-IO (PNIO) stack versions prior to V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise the availability of the device.
Vulnerability category: Denial of service
Products affected by CVE-2019-13946
- cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_pn\/pn_coupler_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_rf182c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_mv420_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_mv440_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ek-ertec_200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ek-ertec_200p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_w700_ieee_802.11n_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_x-400_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xr524_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xr526_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xr528_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_xr552_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_343-1_advanced_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_343-1_erpc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_443-1_advanced_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200al_im_157-1_pn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200m_im153-4_pn_io_hf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200m_im153-4_pn_io_st_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200mp_im155-5_pn_hf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200mp_im155-5_pn_st_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_basic_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_hf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200sp_im155-6_pn_st_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200ecopn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_et200pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:im_154-3_pn_hf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:im_154-4_pn_hf_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_rf180c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_rf600_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:dk_standard_ethernet_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:profinet_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_ipc_support:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-13946
- 0.12%: Probability of exploitation activity in the next 30 days
- ~ 47 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-13946
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | Siemens AG | |
CWE ids for CVE-2019-13946
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Assigned by:
- nvd@nist.gov (Secondary)
- productcert@siemens.com (Primary)