CVE Published: 11/02/2020 |
CVE Updated: 05/08/2024 |
CVE Year: 2019 Source: siemens |
Vendor: Siemens |
Product: Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller Status : PUBLISHED
CVE-2019-13946 Description
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user interaction. An attacker could use the vulnerability
to compromise the availability of the device.
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C