CVE & CISA-KEV Catalog

CVE-2019-13946

HIGHEPSS 70th pctl
7.5
CVSS v3
NVD

Description

Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device.

How to fix

Remediation Available
ek-ertec 200 firmwareNVD
Affected:< 4.5Fixed in:4.5CVE-2019-13946derived from NVD
ek-ertec 200p firmwareNVD
Affected:< 4.6Fixed in:4.6CVE-2019-13946derived from NVD
profinet driverNVD
Affected:< 2.1Fixed in:2.1CVE-2019-13946derived from NVD
ruggedcom rm1224 firmwareNVD
Affected:< 4.3Fixed in:4.3CVE-2019-13946derived from NVD
scalance m-800 firmwareNVD
Affected:< 4.3Fixed in:4.3CVE-2019-13946derived from NVD
scalance s615 firmwareNVD
Affected:< 4.3Fixed in:4.3CVE-2019-13946derived from NVD
scalance x-200irt firmwareNVD
Affected:< 5.3Fixed in:5.3CVE-2019-13946derived from NVD
scalance x-400 firmwareNVD
Affected:< 6.0Fixed in:6.0CVE-2019-13946derived from NVD
scalance xb-200 firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2019-13946derived from NVD
scalance xc-200 firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2019-13946derived from NVD
scalance xf-200ba firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2019-13946derived from NVD
scalance xm-400 firmwareNVD
Affected:< 6.0Fixed in:6.0CVE-2019-13946derived from NVD
scalance xp-200 firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2019-13946derived from NVD
scalance xr-300wg firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2019-13946derived from NVD
scalance xr524 firmwareNVD
Affected:< 6.0Fixed in:6.0CVE-2019-13946derived from NVD
scalance xr526 firmwareNVD
Affected:< 6.0Fixed in:6.0CVE-2019-13946derived from NVD
scalance xr528 firmwareNVD
Affected:< 6.0Fixed in:6.0CVE-2019-13946derived from NVD
scalance xr552 firmwareNVD
Affected:< 6.0Fixed in:6.0CVE-2019-13946derived from NVD
simatic cp 1604 firmwareNVD
Affected:< 2.8Fixed in:2.8CVE-2019-13946derived from NVD
simatic cp 1616 firmwareNVD
Affected:< 2.8Fixed in:2.8CVE-2019-13946derived from NVD
simatic et200mp im155-5 pn hf firmwareNVD
Affected:< 4.2.0Fixed in:4.2.0CVE-2019-13946derived from NVD
simatic et200mp im155-5 pn st firmwareNVD
Affected:< 4.1.0Fixed in:4.1.0CVE-2019-13946derived from NVD
simatic et200sp im155-6 pn hf firmwareNVD
Affected:< 3.3.1Fixed in:3.3.1CVE-2019-13946derived from NVD
simatic et200sp im155-6 pn st firmwareNVD
Affected:< 4.1.0Fixed in:4.1.0CVE-2019-13946derived from NVD
simatic rf600 firmwareNVD
Affected:< 3.0Fixed in:3.0CVE-2019-13946derived from NVD
sinamics dcp firmwareNVD
Affected:< 1.3Fixed in:1.3CVE-2019-13946derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

1.45%probability of exploitation in 30 days
70thpercentile

Elevated risk: more likely to be exploited than 70% of all known CVEs.

References

Vendor Advisory1
Other references1

Related Vulnerabilities

Other CWE-400 (Resource Exhaustion) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-44487High7.5100%KEVFix
CVE-2021-44228Critical10.0100%KEV + RansomFix
CVE-2011-3192High7.899%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2024-25617Medium5.389%-Fix
CVE-2018-1000115High7.589%-Fix
Embed a live status badge for CVE-2019-13946
CVE-2019-13946 severity badge

Markdown

[![CVE-2019-13946](https://tridentstack.com/cve/badge/CVE-2019-13946.svg)](https://tridentstack.com/cve/CVE-2019-13946)

HTML

<a href="https://tridentstack.com/cve/CVE-2019-13946"><img src="https://tridentstack.com/cve/badge/CVE-2019-13946.svg" alt="CVE-2019-13946"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.