Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19300

CVSS 7.5 · High EPSS 0.54% · P68
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-19300

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Siemens产品 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC S7-300 CPUs和Siemens SIMATIC S7-1500 CPU family都是德国西门子(Siemens)公司的产品。Siemens SIMATIC S7-300 CPUs是一款CPU(中央处理器)模块。Siemens SIMATIC S7-1500 CPU family是一款S7-1500系列的中央处理单元。 多款Siemens产品存在资源管理错误漏洞。攻击者可借助特制的数据包利用该漏洞导致拒绝服务。以下产品及版本受到影响:Siemens KTK ATE
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200 0 ~ * -
SiemensDevelopment/Evaluation Kits for PROFINET IO: EK-ERTEC 200P 0 ~ * -
SiemensKTK ATE530S 0 ~ * -
SiemensSIDOOR ATD430W 0 ~ * -
SiemensSIDOOR ATE530S COATED 0 ~ * -
SiemensSIDOOR ATE531S 0 ~ * -
SiemensSIMATIC ET 200AL IM 157-1 PN 0 ~ * -
SiemensSIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, CM 4x IO-Link, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, CM 8x IO-Link, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, CM 8x IO-Link, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, DI 16x24VDC, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, DI 8x24VDC, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L V5.1.1 ~ V5.1.3 -
SiemensSIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L V5.1.1 ~ V5.1.2 -
SiemensSIMATIC ET 200MP IM 155-5 PN HF V4.2.0 ~ * -
SiemensSIMATIC ET 200pro IM 154-8 PN/DP CPU 0 ~ * -
SiemensSIMATIC ET 200pro IM 154-8F PN/DP CPU 0 ~ * -
SiemensSIMATIC ET 200pro IM 154-8FX PN/DP CPU 0 ~ * -
SiemensSIMATIC ET 200S IM 151-8 PN/DP CPU 0 ~ * -
SiemensSIMATIC ET 200S IM 151-8F PN/DP CPU 0 ~ * -
SiemensSIMATIC ET 200SP IM 155-6 MF HF 0 ~ * -
SiemensSIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants) 0 ~ * -
SiemensSIMATIC ET 200SP IM 155-6 PN HF V4.2.0 ~ * -
SiemensSIMATIC ET 200SP IM 155-6 PN/2 HF V4.2.0 ~ * -
SiemensSIMATIC ET 200SP IM 155-6 PN/3 HF V4.2.0 ~ * -
SiemensSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) 0 ~ V2.0 -
SiemensSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) 0 ~ V2.0 -
SiemensSIMATIC MICRO-DRIVE PDC 0 ~ * -
SiemensSIMATIC PN/MF Coupler 0 ~ * -
SiemensSIMATIC PN/PN Coupler All versions >= V4.2 -
SiemensSIMATIC S7-1200 CPU family (incl. SIPLUS variants) All versions < V4.4.0 -
SiemensSIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants) All versions < V2.0 -
SiemensSIMATIC S7-1500 Software Controller All versions < V2.0 -
SiemensSIMATIC S7-300 CPU 314C-2 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 315-2 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 315F-2 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 315T-3 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 317-2 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 317F-2 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 317T-3 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 317TF-3 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 319-3 PN/DP 0 ~ * -
SiemensSIMATIC S7-300 CPU 319F-3 PN/DP 0 ~ * -
SiemensSIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants) 0 ~ * -
SiemensSIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) 0 ~ * -
SiemensSIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) 0 ~ V10.2 -
SiemensSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) 0 ~ V8.3 -
SiemensSIMATIC TDC CP51M1 0 ~ * -
SiemensSIMATIC TDC CPU555 0 ~ * -
SiemensSIMATIC WinAC RTX 2010 0 ~ * -
SiemensSIMATIC WinAC RTX F 2010 0 ~ * -
SiemensSINAMICS S/G Control Unit w. PROFINET 0 ~ * -
SiemensSIPLUS ET 200MP IM 155-5 PN HF V4.2.0 ~ * -
SiemensSIPLUS ET 200MP IM 155-5 PN HF V4.2.0 ~ * -
SiemensSIPLUS ET 200MP IM 155-5 PN HF T1 RAIL V4.2.0 ~ * -
SiemensSIPLUS ET 200S IM 151-8 PN/DP CPU 0 ~ * -
SiemensSIPLUS ET 200S IM 151-8F PN/DP CPU 0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF V4.2.0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF V4.2.0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF V4.2.0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF V4.2.0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF T1 RAIL V4.2.0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF T1 RAIL V4.2.0 ~ * -
SiemensSIPLUS ET 200SP IM 155-6 PN HF TX RAIL V4.2.0 ~ * -
SiemensSIPLUS NET PN/PN Coupler All versions >= V4.2 -
SiemensSIPLUS S7-300 CPU 314C-2 PN/DP 0 ~ * -
SiemensSIPLUS S7-300 CPU 315-2 PN/DP 0 ~ * -
SiemensSIPLUS S7-300 CPU 315F-2 PN/DP 0 ~ * -
SiemensSIPLUS S7-300 CPU 317-2 PN/DP 0 ~ * -
SiemensSIPLUS S7-300 CPU 317F-2 PN/DP 0 ~ * -

II. Public POCs for CVE-2019-19300

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-19300

登录查看更多情报信息。

Same Patch Batch · Siemens · 2020-04-14 · 4 CVEs total

CVE-2019-193017.5 HIGHSiemens SCALANCE X-200IRT 资源管理错误漏洞
CVE-2020-7574Siemens Climatix POL908和POL909 跨站脚本漏洞
CVE-2020-7575Siemens Climatix POL908和POL909 跨站脚本漏洞

IV. Related Vulnerabilities

Same vendor: Siemens
Same weakness: CWE-400

V. Comments for CVE-2019-19300

No comments yet

Leave a comment