Dk Standard Ethernet Controller Firmware
CVE-2019-10936
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from Vendor (siemens) · only source for this CVE.
CVSS VectorVendor: siemens
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Affected devices improperly handle large amounts of specially crafted UDP packets.
This could allow an unauthenticated remote attacker to trigger a denial of service condition.
AnalysisAI
Affected devices improperly handle large amounts of specially crafted UDP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. Affected products include: Siemens Dk Standard Ethernet Controller Firmware, Siemens Ek-Ertec 200 Firmware, Siemens Ek-Ertec 200P Firmware, Siemens Simatic Cfu Pa Firmware, Siemens Simatic Et 200Al Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
Specially crafted packets sent to port 161/udp could cause a denial of service condition. Rated high severity (CVSS 8.7)
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a loc
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a d
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today