PT-2019-3850 · Siemens · Simatic Winac Rtx 2010

Published: 2019-10-08 · Updated: 2020-10-16 · CVE-2019-13921

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SIMATIC WinAC RTX (F) 2010 versions prior to SP3 Update 1

Description

A vulnerability has been identified that could allow an unauthenticated attacker to trigger a denial-of-service condition by sending a large HTTP request to the executing service. The vulnerability can be exploited by an attacker with network access to the affected systems, requiring no system privileges and no user interaction. This could compromise the availability of the service provided by the software.

Recommendations

For SIMATIC WinAC RTX (F) 2010 versions prior to SP3 Update 1, update to SP3 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the service to minimize the risk of exploitation.

Fix

Resource Exhaustion

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2019-04213
CVE-2019-13921

Affected Products

Simatic Winac Rtx 2010