CVE-2019-10923

high-risk
Published 2019-10-10

An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

Do I need to act?

-
0.47% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Cp1604 Firmware
Cp1616 Firmware
Dk Standard Ethernet Controller Firmware
Dk Standard Ethernet Controller Firmware
Dk Standard Ethernet Controller Firmware
Ek-Ertec 200 Firmware
Ek-Ertec 200 Firmware
Ek-Ertec 200P Firmware
Scalance X-200Irt Firmware
Simatic Et 200M Firmware
Simatic Et 200S Firmware
Simatic Et 200Ecopn Firmware
Simatic Pn\/Pn Coupler 6Es7158-3Ad01-0Xa0 Firmware
Simatic S7-300 Cpu Firmware
Simatic S7-300 Cpu 312 Ifm Firmware
Simatic S7-300 Cpu 313 Firmware
Simatic S7-300 Cpu 314 Firmware
Simatic S7-300 Cpu 314 Ifm Firmware
Simatic S7-300 Cpu 315 Firmware
Simatic S7-300 Cpu 315-2 Dp Firmware

Affected Vendors

Siemens

References (3)

https://cert-portal.siemens.com/productcert/html/ssa-349422.html
Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf
Vendor Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf
55
/ 100
high-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 27/34 · High