工控系统行业漏洞库平台
    ICS Vulnerability Database

多款Siemens产品资源管理错误漏洞(CNVD-2020-23036) 漏洞详情

漏洞参数

漏洞类型: 资源管理错误

危险级别: 高危

CVE编号: CVE-2019-19301

CNVD编号: CNVD-2020-23036

CNNVD编号: CNNVD-202004-800

发布时间: 2020-04-14

CVSS雷达图
CVSS评分: 7.7863900799999985
受影响的平台和产品

scalance_xc-200_firmware *

simatic_cp_443-1_firmware *

simatic_cp_443-1_advanced_firmware *

simatic_rf180c_firmware *

simatic_rf182c_firmware *

scalance_xf-200_firmware *

scalance_xp-200_firmware *

scalance_xb-200_firmware *

scalance_x-200irt_firmware *

scalance_x-200irt_pro_firmware *

scalance_xr-300wg_firmware *

scalance_x-300_firmware *

scalance_xr-300_firmware *

漏洞描述

A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.

安全建议&解决方案
  1. 厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://support.industry.siemens.com 厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://support.industry.siemens.com 厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://support.industry.siemens.com 厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://support.industry.siemens.com 厂商尚未提供漏洞修复方案,请关注厂商主页更新: https://support.industry.siemens.com
  • 联系我们
  • 如果您对我们感兴趣,请联系我们。

    • 北京威努特技术有限公司
    北京市海淀区上地三街9号嘉华大厦F座901室
    电话: 4000-680-620

    Copyright © 2017 Winicssec All Rights Reserved
    版权所有 京ICP备 14062383号-1