CVE-2019-10953
In short
Programmable Logic Controllers (PLCs) from major manufacturers can be crashed by flooding them with network packets, causing them to stop working. This affects critical industrial systems and infrastructure that rely on these controllers to operate.
Technical detail
A remote, unauthenticated attacker can trigger a denial-of-service condition by sending a high volume of crafted network packets to vulnerable PLCs (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO). The attack relies on insufficient input validation or on resource exhaustion, and it leaves the affected industrial control systems unavailable.
Summary generated and translated by AI from the official description.
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
ABB · 1SAP120600R0071 PM554-TP-ETH
Phoenix Contact · 2700974 ILC 151 ETH
Phoenix Contact · ILC 191 ETH 2TX
Schneider Electric · EcoStruxure Machine Expert – Basic
Schneider Electric · Modicon M221
Siemens · 6ED1052-1CC01-0BA8 Logo! 8
Siemens · 6ES7211-1AE40-0XB0 Simatic S7-1211
Siemens · 6ES7314-6EH04-0AB0 Simatic S7-314
WAGO · 750-8100 Controller PFC100
WAGO · 750-831 Controller BACnet/IP
WAGO · 750-880 Controller ETH
WAGO · 750-889 Controller KNX IP