CVE-2019-10953

moderate-risk

Published 2019-04-17

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

Do I need to act?

0.44% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (10)

Pm554-Tp-Eth Firmware

Ilc 151 Eth Firmware

Modicon M221 Firmware

6Es7211-1Ae40-0Xb0 Firmware

6Es7314-6Eh04-0Ab0 Firmware

6Ed1052-1Cc01-0Ba8 Firmware

Knx Ip Firmware

Pfc100 Firmware

Ethernet Firmware

Bacnet\/Ip Firmware

Affected Vendors

Siemens Abb Phoenixcontact Schneider-Electric Wago

References (4)

Third Party Advisory http://www.securityfocus.com/bid/108413

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03

Third Party Advisory http://www.securityfocus.com/bid/108413

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 16/34 · Moderate