A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC NET CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.
CVE-2019-19301 (scalance_x-200irt_firmware, scalance_x-200irt_pro_firmware, scalance_x-300_firmware, scalance_xb-200_firmware, scalance_xc-200_firmware, scalance_xf-200_firmware, scalance_xp-200_firmware, scalance_xr-300_firmware, scalance_xr-300wg_firmware, simatic_cp_443-1_advanced_firmware, simatic_cp_443-1_firmware, simatic_rf180c_firmware, simatic_rf182c_firmware)
Leave a reply
