CVE-2019-10953

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
References
Link Resource
http://www.securityfocus.com/bid/108413 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/108413 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:abb:pm554-tp-eth_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:abb:pm554-tp-eth:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:phoenixcontact:ilc_151_eth_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:phoenixcontact:ilc_151_eth:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:6es7211-1ae40-0xb0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7211-1ae40-0xb0:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:6es7314-6eh04-0ab0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6es7314-6eh04-0ab0:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:6ed1052-1cc01-0ba8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:6ed1052-1cc01-0ba8:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:wago:knx_ip_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:knx_ip:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:wago:pfc100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:wago:ethernet_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:ethernet:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:wago:bacnet\/ip_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wago:bacnet\/ip:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:20

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/108413 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/108413 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 - Mitigation, Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03 - Mitigation, Third Party Advisory, US Government Resource

31 Jan 2022, 20:48

Type Values Removed Values Added
CPE cpe:2.3:h:se:modicon_m221:-:*:*:*:*:*:*:*
cpe:2.3:o:se:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*
cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*

19 Aug 2021, 18:21

Type Values Removed Values Added
CPE cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*
cpe:2.3:o:se:modicon_m221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:se:modicon_m221:-:*:*:*:*:*:*:*

Information

Published : 2019-04-17 15:29

Updated : 2024-11-21 04:20


NVD link : CVE-2019-10953

Mitre link : CVE-2019-10953

CVE.ORG link : CVE-2019-10953


JSON object : View

Products Affected

wago

  • pfc100
  • ethernet
  • knx_ip
  • pfc100_firmware
  • knx_ip_firmware
  • bacnet\/ip
  • bacnet\/ip_firmware
  • ethernet_firmware

siemens

  • 6es7314-6eh04-0ab0_firmware
  • 6es7211-1ae40-0xb0
  • 6es7314-6eh04-0ab0
  • 6ed1052-1cc01-0ba8
  • 6ed1052-1cc01-0ba8_firmware
  • 6es7211-1ae40-0xb0_firmware

abb

  • pm554-tp-eth
  • pm554-tp-eth_firmware

schneider-electric

  • modicon_m221
  • modicon_m221_firmware

phoenixcontact

  • ilc_151_eth
  • ilc_151_eth_firmware
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-770

Allocation of Resources Without Limits or Throttling