Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10953

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Published

2019-04-17T15:29:00.843

Last Modified

2024-11-21T04:20:13.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-400
  • Type: Primary
    CWE-770
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System abb pm554-tp-eth_firmware - Yes
Hardware abb pm554-tp-eth - No
Operating System phoenixcontact ilc_151_eth_firmware - Yes
Hardware phoenixcontact ilc_151_eth - No
Operating System schneider-electric modicon_m221_firmware < 1.10.0.0 Yes
Hardware schneider-electric modicon_m221 - No
Operating System siemens 6es7211-1ae40-0xb0_firmware - Yes
Hardware siemens 6es7211-1ae40-0xb0 - No
Operating System siemens 6es7314-6eh04-0ab0_firmware - Yes
Hardware siemens 6es7314-6eh04-0ab0 - No
Operating System siemens 6ed1052-1cc01-0ba8_firmware - Yes
Hardware siemens 6ed1052-1cc01-0ba8 - No
Operating System wago knx_ip_firmware - Yes
Hardware wago knx_ip - No
Operating System wago pfc100_firmware - Yes
Hardware wago pfc100 - No
Operating System wago ethernet_firmware - Yes
Hardware wago ethernet - No
Operating System wago bacnet\/ip_firmware - Yes
Hardware wago bacnet\/ip - No
References