CVE-2019-10923

CVSS V2 Medium 5 CVSS V3 High 7.5

Description

A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7, SIMATIC S7-400 CPU 412-2 DP V7, SIMATIC S7-400 CPU 412-2 PN/DP V7, SIMATIC S7-400 CPU 414-2 DP V7, SIMATIC S7-400 CPU 414-3 DP V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-2 DP V7, SIMATIC S7-400 CPU 416-3 DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-2 DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 CPU 417-4 DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 V7, SIPLUS S7-400 CPU 417-4 V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.

Overview

CVE ID
CVE-2019-10923

Assigner
productcert@siemens.com

Vulnerability Status
Modified

Published Version
2019-10-10T14:15:14

Last Modified Date
2023-04-11T10:15:08

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:siemens:cp1604_firmware::::::::	1	OR	2.8
cpe:2.3:h:siemens:cp1604:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:cp1616_firmware::::::::	1	OR	2.8
cpe:2.3:h:siemens:cp1616:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware::::::::	1	OR	4.1.1
cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-::::::	1	OR
cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:p4::::::	1	OR
cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:ek-ertec_200_firmware::::::::	1	OR	4.5.0
cpe:2.3:o:siemens:ek-ertec_200_firmware:4.5.0:-::::::	1	OR
cpe:2.3:h:siemens:ek-ertec_200:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:ek-ertec_200p_firmware::::::::	1	OR	4.5.0
cpe:2.3:h:siemens:ek-ertec_200p:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:scalance_x-200irt_firmware::::::::	1	OR	5.2.1
cpe:2.3:h:siemens:scalance_x-200irt:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_et_200m_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_et_200m:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_et_200s_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_et_200s:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_et_200ecopn_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_et_200ecopn:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_pn\/pn_coupler_6es7158-3ad01-0xa0_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_pn\/pn_coupler_6es7158-3ad01-0xa0:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_312_ifm_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_312_ifm:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_313_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_313:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_314_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_314:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_314_ifm_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_314_ifm:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_315:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_315-2_dp_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_315-2_dp:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_316-2_dp_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_316-2_dp:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-300_cpu_318-2_firmware::::::::	1	OR	3.3.17
cpe:2.3:h:siemens:simatic_s7-300_cpu_318-2:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-400_v6_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_s7-400_v6:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-400_pn_v7_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_s7-400_pn_v7:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_s7-400_dp_v7_firmware::::::::	1	OR
cpe:2.3:h:siemens:simatic_s7-400_dp_v7:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware::::::::	1	OR	2010
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:-::::::	1	OR
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:sp1::::::	1	OR
cpe:2.3:o:siemens:simatic_winac_rtx_\(f\)_firmware:2010:sp2::::::	1	OR
cpe:2.3:h:siemens:simatic_winac_rtx_\(f\):-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:simotion_firmware::::::::	1	OR
cpe:2.3:h:siemens:simotion:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_dcm_firmware::::::::	1	OR	1.5
cpe:2.3:o:siemens:sinamics_dcm_firmware:1.5:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_dcm:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_dcp_firmware::::::::	1	OR	1.3
cpe:2.3:h:siemens:sinamics_dcp:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_g110m_firmware::::::::	1	OR	4.7
cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_g110m:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_g120_firmware::::::::	1	OR	4.7
cpe:2.3:o:siemens:sinamics_g120_firmware:4.7:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_g120:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_g130_firmware::::::::	1	OR	4.7
cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_g130:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_g150_firmware::::::::	1	OR	4.8
cpe:2.3:h:siemens:sinamics_g150:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_gh150_firmware::::::::	1	OR	4.8
cpe:2.3:o:siemens:sinamics_gh150_firmware:4.8:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_gh150:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_gl150_firmware::::::::	1	OR	4.8
cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_gl150:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_gm150_firmware::::::::	1	OR	4.8
cpe:2.3:o:siemens:sinamics_gm150_firmware:4.8:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_gm150:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_s110_firmware::::::::	1	OR
cpe:2.3:h:siemens:sinamics_s110:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_s120_firmware::::::::	1	OR	4.7
cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_s120:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_s150_firmware::::::::	1	OR	4.8
cpe:2.3:h:siemens:sinamics_s150:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_sl150_firmware::::::::	1	OR	4.7
cpe:2.3:o:siemens:sinamics_sl150_firmware:4.7:-::::::	1	OR
cpe:2.3:h:siemens:sinamics_sl150:-:::::::*	0	OR
		AND
cpe:2.3:o:siemens:sinamics_sm120_firmware::::::::	1	OR
cpe:2.3:h:siemens:sinamics_sm120:-:::::::*	0	OR
		AND
cpe:2.3:a:siemens:sinumerik_828d::::::::	1	OR	4.8
cpe:2.3:a:siemens:sinumerik_828d:4.8:-::::::	1	OR
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp1::::::	1	OR
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp2::::::	1	OR
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp3::::::	1	OR
cpe:2.3:a:siemens:sinumerik_828d:4.8:sp4::::::	1	OR
		AND
cpe:2.3:a:siemens:sinumerik_840d_sl::::::::	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector
NETWORK

Attack Compatibility
LOW

Privileges Required
NONE

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
NONE

Availability Impact
HIGH

Base Score
7.5

Base Severity
HIGH

Exploitability Score
3.9

Impact Score
3.6

References

Reference URL	Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2019-10923
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10923

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 06:33:29				Added to TrackCVE
2022-12-04 04:06:52	2019-10-10T14:15Z	2019-10-10T14:15:14	CVE Published Date	updated
2022-12-04 04:06:52		2022-02-09T16:15:10	CVE Modified Date	updated
2022-12-04 04:06:52		Modified	Vulnerability Status	updated
2023-01-10 13:11:38		2023-01-10T12:15:11	CVE Modified Date	updated
2023-01-10 13:11:38	A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 4AO U/I 4xM12 (All versions), SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12 (All versions), SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12 (All versions), SIMATIC ET200ecoPN: IO-Link Master (All versions), SIMATIC ET200pro (All versions), SIMATIC NET CP 1604 (All versions < V2.8), SIMATIC NET CP 1616 (All versions < V2.8), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.17), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions < V1.3), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations.	A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION (incl. SIPLUS variants), SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.	Description	updated
2023-04-11 12:08:09		2023-04-11T10:15:08	CVE Modified Date	updated
2023-04-11 12:08:10	A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION (incl. SIPLUS variants), SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.	A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7, SIMATIC S7-400 CPU 412-2 DP V7, SIMATIC S7-400 CPU 412-2 PN/DP V7, SIMATIC S7-400 CPU 414-2 DP V7, SIMATIC S7-400 CPU 414-3 DP V7, SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-2 DP V7, SIMATIC S7-400 CPU 416-3 DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-2 DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, SIMATIC S7-400 CPU 417-4 DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 V7, SIPLUS S7-400 CPU 417-4 V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.	Description	updated