DK Standard Ethernet Controller All versions Uncontrolled Resource Consumption Vulnerability

Summary

Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. 

Credit:

The information has been provided by Vendor

The original article can be found at: https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf


Details

The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vulnerable Systems:

DK Standard Ethernet Controller 

CVE Information:

CVE-2019-10936 

Disclosure Timeline:
Published Date:10/10/2019