CVE-2019-10923 — HIGH (7.5)

Q: What is CVE-2019-10923?

CVE-2019-10923 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

Q: How severe is CVE-2019-10923?

CVE-2019-10923 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10923?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Cp1604 Firmware, Siemens Cp1604, Siemens Cp1616 Firmware, Siemens Cp1616, Siemens Dk Standard Ethernet Controller Firmware.

Vulnerability Description

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Cp1604 Firmware	< 2.8
Siemens	Cp1604	-
Siemens	Cp1616 Firmware	< 2.8
Siemens	Cp1616	-
Siemens	Dk Standard Ethernet Controller Firmware	< 4.1.1
Siemens	Dk Standard Ethernet Controller	-
Siemens	Ek-Ertec 200 Firmware	< 4.5.0
Siemens	Ek-Ertec 200	-
Siemens	Ek-Ertec 200P Firmware	< 4.5.0
Siemens	Ek-Ertec 200P	-
Siemens	Scalance X-200Irt Firmware	< 5.2.1
Siemens	Scalance X-200Irt	-
Siemens	Simatic Et 200M Firmware	All versions
Siemens	Simatic Et 200M	-
Siemens	Simatic Et 200S Firmware	All versions
Siemens	Simatic Et 200S	-
Siemens	Simatic Et 200Ecopn Firmware	All versions
Siemens	Simatic Et 200Ecopn	-
Siemens	Simatic Pn\/Pn Coupler 6Es7158-3Ad01-0Xa0 Firmware	All versions
Siemens	Simatic Pn\/Pn Coupler 6Es7158-3Ad01-0Xa0	-

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2019-10923?

CVE-2019-10923 is a vulnerability with a CVSS score of 7.5 (HIGH). An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

How severe is CVE-2019-10923?

CVE-2019-10923 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10923?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Cp1604 Firmware, Siemens Cp1604, Siemens Cp1616 Firmware, Siemens Cp1616, Siemens Dk Standard Ethernet Controller Firmware.