CVE-2019-10953 — HIGH (7.5)

Q: How severe is CVE-2019-10953?

CVE-2019-10953 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-10953?

Check the references section above for vendor advisories and patch information. Affected products include: Abb Pm554-Tp-Eth Firmware, Abb Pm554-Tp-Eth, Phoenixcontact Ilc 151 Eth Firmware, Phoenixcontact Ilc 151 Eth, Schneider-Electric Modicon M221 Firmware.

Vulnerability Description

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Abb	Pm554-Tp-Eth Firmware	-
Abb	Pm554-Tp-Eth	-
Phoenixcontact	Ilc 151 Eth Firmware	-
Phoenixcontact	Ilc 151 Eth	-
Schneider-Electric	Modicon M221 Firmware	< 1.10.0.0
Schneider-Electric	Modicon M221	-
Siemens	6Es7211-1Ae40-0Xb0 Firmware	-
Siemens	6Es7211-1Ae40-0Xb0	-
Siemens	6Es7314-6Eh04-0Ab0 Firmware	-
Siemens	6Es7314-6Eh04-0Ab0	-
Siemens	6Ed1052-1Cc01-0Ba8 Firmware	-
Siemens	6Ed1052-1Cc01-0Ba8	-
Wago	Knx Ip Firmware	-
Wago	Knx Ip	-
Wago	Pfc100 Firmware	-
Wago	Pfc100	-
Wago	Ethernet Firmware	-
Wago	Ethernet	-
Wago	Bacnet\/Ip Firmware	-
Wago	Bacnet\/Ip	-

Related Weaknesses (CWE)

CWE-770 CWE-400

References

http://www.securityfocus.com/bid/108413Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/108413Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2019-10953?

CVE-2019-10953 is a vulnerability with a CVSS score of 7.5 (HIGH). ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due t...

How severe is CVE-2019-10953?

CVE-2019-10953 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-10953?

Check the references section above for vendor advisories and patch information. Affected products include: Abb Pm554-Tp-Eth Firmware, Abb Pm554-Tp-Eth, Phoenixcontact Ilc 151 Eth Firmware, Phoenixcontact Ilc 151 Eth, Schneider-Electric Modicon M221 Firmware.