CVE-2019-19300

Name of the Vulnerable Software and Affected Versions SIMATIC ET 200AL IM 157-1 PN version 6ES7157-1AB00-0AB0 SIMATIC ET 200MP IM 155-5 PN HF version 6ES7155-5AA00-0AC0 SIMATIC ET 200pro IM 154-8 PN/DP CPU version 6ES7154-8AB01-0AB0 SIMATIC ET 200pro IM 154-8F PN/DP CPU version 6ES7154-8FB01-0AB0 SIMATIC ET 200pro IM 154-8FX PN/DP CPU version 6ES7154-8FX00-0AB0 SIMATIC ET 200S IM 151-8 PN/DP CPU version 6ES7151-8AB01-0AB0 SIMATIC ET 200S IM 151-8F PN/DP CPU version 6ES7151-8FB01-0AB0 SIMATIC ET 200SP IM 155-6 MF HF version 6ES7155-6MU00-0CN0 SIMATIC ET 200SP IM 155-6 PN HA versions prior to V2.0 SIMATIC ET 200SP IM 155-6 PN HF versions prior to V2.0 SIMATIC ET 200SP IM 155-6 PN/2 HF versions prior to V2.0 SIMATIC ET 200SP IM 155-6 PN/3 HF versions prior to V2.0 SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V2.0 SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V2.0 SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L version 6ES7144-6JF00-0BB0 SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L version 6ES7148-6JE00-0BB0 SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L version 6ES7148-6JG00-0BB0 SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L version 6ES7148-6JJ00-0BB0 SIMATIC ET200ecoPN, DI 16x24VDC, M12-L version 6ES7141-6BH00-0BB0 SIMATIC ET200ecoPN, DI 8x24VDC, M12-L version 6ES7141-6BG00-0BB0 SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L version 6ES7143-6BH00-0BB0 SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L version 6ES7142-6BG00-0BB0 SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L version 6ES7142-6BR00-0BB0 SIMATIC MICRO-DRIVE PDC version not specified SIMATIC PN/MF Coupler version 6ES7158-3MU10-0XA0 SIMATIC PN/PN Coupler version 6ES7158-3AD10-0XA0 SIMATIC S7-1200 CPU family versions not specified SIMATIC S7-1500 CPU family versions prior to V2.0 SIMATIC S7-1500 Software Controller versions prior to V2.0 SIMATIC S7-300 CPU 314C-2 PN/DP version 6ES7314-6EH04-0AB0 SIMATIC S7-300 CPU 315-2 PN/DP version 6ES7315-2EH14-0AB0 SIMATIC S7-300 CPU 315F-2 PN/DP version 6ES7315-2FJ14-0AB0 SIMATIC S7-300 CPU 315T-3 PN/DP version 6ES7315-7TJ10-0AB0 SIMATIC S7-300 CPU 317-2 PN/DP version 6ES7317-2EK14-0AB0 SIMATIC S7-300 CPU 317F-2 PN/DP version 6ES7317-2FK14-0AB0 SIMATIC S7-300 CPU 317T-3 PN/DP version 6ES7317-7TK10-0AB0 SIMATIC S7-300 CPU 317TF-3 PN/DP version 6ES7317-7UL10-0AB0 SIMATIC S7-300 CPU 319-3 PN/DP version 6ES7318-3EL01-0AB0 SIMATIC S7-300 CPU 319F-3 PN/DP version 6ES7318-3FL01-0AB0 SIMATIC S7-400 H V6 and below CPU family versions not specified SIMATIC S7-400 PN/DP V7 CPU family versions not specified SIMATIC S7-410 V10 CPU family versions not specified SIMATIC S7-410 V8 CPU family versions not specified SIMATIC TDC CP51M1 version not specified SIMATIC TDC CPU555 version not specified SIMATIC WinAC RTX 2010 version 6ES7671-0RC08-0YA0 SIMATIC WinAC RTX F 2010 version 6ES7671-1RC08-0YA0 SINAMICS S/G Control Unit w. PROFINET version not specified SIPLUS ET 200MP IM 155-5 PN HF version 6AG1155-5AA00-2AC0 SIPLUS ET 200MP IM 155-5 PN HF version 6AG1155-5AA00-7AC0 SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL version 6AG2155-5AA00-1AC0 SIPLUS ET 200S IM 151-8 PN/DP CPU version 6AG1151-8AB01-7AB0 SIPLUS ET 200S IM 151-8F PN/DP CPU version 6AG1151-8FB01-2AB0 SIPLUS ET 200SP IM 155-6 PN HF version 6AG1155-6AU00-2CN0 SIPLUS ET 200SP IM 155-6 PN HF version 6AG1155-6AU00-4CN0 SIPLUS ET 200SP IM 155-6 PN HF version 6AG1155-6AU01-2CN0 SIPLUS ET 200SP IM 155-6 PN HF version 6AG1155-6AU01-7CN0 SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL version 6AG2155-6AU00-1CN0 SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL version 6AG2155-6AU01-1CN0 SIPLUS ET 200SP IM 155-6 PN HF TX RAIL version 6AG2155-6AU01-4CN0 SIPLUS NET PN/PN Coupler version 6AG2158-3AD10-4XA0 SIPLUS S7-300 CPU 314C-2 PN/DP version 6AG1314-6EH04-7AB0 SIPLUS S7-300 CPU 315-2 PN/DP version 6AG1315-2EH14-7AB0 SIPLUS S7-300 CPU 315F-2 PN/DP version 6AG1315-2FJ14-2AB0 SIPLUS S7-300 CPU 317-2 PN/DP version 6AG1317-2EK14-7AB0 SIPLUS S7-300 CPU 317F-2 PN/DP version 6AG1317-2FK14-2AB0 KTK ATE530S version not specified SIDOOR ATD430W version not specified SIDOOR ATE530S COATED version not specified SIDOOR ATE531S version not specified Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 version not specified Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P version not specified

Description The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet, which can lead to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.