CVE-2019-10936 — HIGH (7.5)

Q: What is CVE-2019-10936?

CVE-2019-10936 is a vulnerability with a CVSS score of 7.5 (HIGH). Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

Q: How severe is CVE-2019-10936?

CVE-2019-10936 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10936?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Dk Standard Ethernet Controller Firmware, Siemens Dk Standard Ethernet Controller, Siemens Ek-Ertec 200 Firmware, Siemens Ek-Ertec 200, Siemens Ek-Ertec 200P Firmware.

Vulnerability Description

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Dk Standard Ethernet Controller Firmware	All versions
Siemens	Dk Standard Ethernet Controller	-
Siemens	Ek-Ertec 200 Firmware	All versions
Siemens	Ek-Ertec 200	-
Siemens	Ek-Ertec 200P Firmware	< 4.6
Siemens	Ek-Ertec 200P	-
Siemens	Simatic Cfu Pa Firmware	< 1.2.0
Siemens	Simatic Cfu Pa	-
Siemens	Simatic Et 200Al Firmware	All versions
Siemens	Simatic Et 200Al	-
Siemens	Simatic Et 200M Firmware	All versions
Siemens	Simatic Et 200M	-
Siemens	Simatic Et 200Mp Im 155-5 Pn Ba Firmware	< 4.3.0
Siemens	Simatic Et 200Mp Im 155-5 Pn Ba	-
Siemens	Simatic Et 200Mp Im 155-5 Pn Hf Firmware	< 4.4.0
Siemens	Simatic Et 200Mp Im 155-5 Pn Hf	-
Siemens	Simatic Et 200Mp Im 155-5 Pn St Firmware	All versions
Siemens	Simatic Et 200Mp Im 155-5 Pn St	-
Siemens	Simatic Et 200S Firmware	All versions
Siemens	Simatic Et 200S	-

Related Weaknesses (CWE)

CWE-400

References

FAQ

What is CVE-2019-10936?

CVE-2019-10936 is a vulnerability with a CVSS score of 7.5 (HIGH). Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

How severe is CVE-2019-10936?

CVE-2019-10936 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10936?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Dk Standard Ethernet Controller Firmware, Siemens Dk Standard Ethernet Controller, Siemens Ek-Ertec 200 Firmware, Siemens Ek-Ertec 200, Siemens Ek-Ertec 200P Firmware.