CVE-2019-13921

Name of the Vulnerable Software and Affected Versions SIMATIC WinAC RTX (F) 2010 versions prior to SP3 Update 1

Description A vulnerability has been identified that could allow an unauthenticated attacker to trigger a denial-of-service condition by sending a large HTTP request to the executing service. The vulnerability can be exploited by an attacker with network access to the affected systems, requiring no system privileges and no user interaction. This could compromise the availability of the service provided by the software.

Recommendations For SIMATIC WinAC RTX (F) 2010 versions prior to SP3 Update 1, update to SP3 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the service to minimize the risk of exploitation.