NVD

Vulnerability Change Records for CVE-2019-13946

Change History

CVE Modified by Siemens AG 4/11/2023 6:15:08 AM

Action

Type

Old Value

New Value

Added

CVSS V3.1

Siemens AG AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Changed

Description

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.

The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise the availability of the device.

Removed

Reference

https://www.us-cert.gov/ics/advisories/icsa-20-042-04 [Third Party Advisory, US Government Resource]

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Vulnerability Change Records for CVE-2019-13946

Change History

CVE Modified by Siemens AG 4/11/2023 6:15:08 AM