PT-2020-2433 · Siemens · Profinet-Io

Published 2020-02-11 · Updated 2024-07-09 · CVE-2019-13946

CVSS v2.0

7.8 High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Profinet-IO (PNIO) stack versions prior to V06.00
Description

The issue is an uncontrolled resource consumption flaw in the DCE-RPC interface of Siemens hardware and software. It could lead to a denial-of-service condition due to lack of memory on devices that include a vulnerable version of the stack. An attacker with network access to an affected device can exploit this issue without requiring system privileges or user interaction, compromising the availability of the device.
Recommendations

For Profinet-IO (PNIO) stack versions prior to V06.00, update to version V06.00 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-02435
CVE-2019-13946

Affected Products

Profinet-Io