Industrial Control System Industry Vulnerability Database Platform
    ICS Vulnerability Database
Vulnerability Parameters

Vulnerability type: Resource management error

Severity: High

CVE ID: CVE-2019-19300

CNVD ID: CNVD-2020-23035

CNNVD ID: CNNVD-202004-801

Published: 2020-04-14

CVSS Radar Chart
CVSS score: 7.7863900799999985
Affected Platforms and Products

ktk_ate530s_firmware *

simatic_et200sp_im155-6_pn_hf_firmware *

simatic_et200sp_im155-6_pn/2_hf_firmware *

simatic_micro-drive_pdc_firmware *

simatic_pn/pn_coupler_firmware *

simatic_s7-1500_cpu_1511-1_pn_firmware *

simatic_s7-1500_cpu_1513-1_pn_firmware *

simatic_s7-1500_cpu_1515-2_pn_firmware *

simatic_s7-1500_cpu_1516-3_pn/dp_firmware *

simatic_s7-1500_cpu_1517-3_pn/dp_firmware *

sidoor_atd430w_firmware *

simatic_s7-1500_cpu_1518-4_pn/dp_firmware *

simatic_s7-1500_cpu_1511f-1_pn_firmware *

simatic_s7-1500_cpu_1513f-1_pn_firmware *

simatic_s7-1500_cpu_1515f-2_pn_firmware *

simatic_s7-1500_cpu_1516f-3_pn/dp_firmware *

simatic_s7-1500_cpu_1517f-3_pn/dp_firmware *

simatic_s7-1500_cpu_1518f-4_pn/dp_firmware *

simatic_s7-1500 *

simatic_s7-300_cpu_firmware *

simatic_s7-400_pn/dp_firmware *

sidoor_ate530s_coated_firmware *

simatic_s7-410_cpu_firmware *

simatic_tdc_cp51m1_firmware *

simatic_tdc_cpu555_firmware *

simatic_winac_rtx_(f)_2010_firmware *

sinamics_s/g_control_unit_firmware *

sidoor_ate531s_firmware *

simatic_et_200sp_open_controller_cpu_1515sp_pc_firmware *

simatic_et_200sp_open_controller_cpu_1515sp_pc2_firmware *

simatic_et200mp_im155-5_pn_hf_firmware *

simatic_et200sp_im155-6_mf_hf_firmware *

simatic_et200sp_im155-6_pn_ha_firmware *

Vulnerability Description

A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

Security Recommendations & Solutions
  1. The vendor has released a fix for this vulnerability; please watch for updates: https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf