Publication Date:
Last Update:
Current Version: V2.7
CVSS v3.1 Base Score: 7.5
Affected Product and Versions Remediation

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V4.6 Patch 01
affected by CVE-2019-10936
Update to V4.6 Patch 01 or later version

All versions < V1.2.0
affected by CVE-2019-10936

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V4.3.0
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V1.2.1
affected by CVE-2019-10936

All versions < V4.0.1
affected by CVE-2019-10936
Currently no fix is planned

All versions < V4.2.1
affected by CVE-2019-10936

All versions < V2.0
affected by CVE-2019-10936

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V4.2.1
affected by CVE-2019-10936

All versions < V2.1
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

All versions < V6.0.9
affected by CVE-2019-10936

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V8.2.2
affected by CVE-2019-10936

All versions < V4.4.0
affected by CVE-2019-10936

All versions < V2.0
affected by CVE-2019-10936

All versions < V1.1.8
affected by CVE-2019-10936

All versions < V1.1.1
affected by CVE-2019-10936

All versions < V2010 SP3
affected by CVE-2019-10936
Update to V2010 SP3 or later version and apply BIOS and Microsoft Windows updates

All versions < V2010 SP3
affected by CVE-2019-10936
Update to V2010 SP3 or later version and apply BIOS and Microsoft Windows updates

All versions < V1.5 HF1
affected by CVE-2019-10936

All versions < V1.3
affected by CVE-2019-10936

All versions < V4.7 SP10 HF5
affected by CVE-2019-10936
Update to V4.7 SP10 HF5 or later version

All versions < V4.7 SP10 HF5
affected by CVE-2019-10936
Update to V4.7 SP10 HF5 or later version

All versions < 4.8
affected by CVE-2019-10936

All versions < 4.8
affected by CVE-2019-10936

All versions
affected by CVE-2019-10936
Upgrade to V4.8 SP2 HF9

All versions
affected by CVE-2019-10936
Upgrade to V4.8 SP2 HF9

All versions
affected by CVE-2019-10936
Upgrade to V4.8 SP2 HF9

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions
affected by CVE-2019-10936

All versions < 4.8
affected by CVE-2019-10936

All versions < V4.7 HF33
affected by CVE-2019-10936
Update to V4.7 HF33 or later version

All versions
affected by CVE-2019-10936
Currently no fix is planned

All versions < V4.8 SP5
affected by CVE-2019-10936
Update to V4.8 SP5 or later version

All versions < V4.8 SP6
affected by CVE-2019-10936
Update to V4.8 SP6 or later version

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V4.2.1
affected by CVE-2019-10936

All versions < V3.3.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V3.2.17
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

All versions < V7.0.3
affected by CVE-2019-10936

  • Restrict network access to affected devices

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score: 7.5
CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-400: Uncontrolled Resource Consumption

  • Artem Zinenko from Kaspersky for pointing out that SIPLUS should also be mentioned

https://www.siemens.com/cert/advisories
V1.0 (2019-10-08): Publication Date
V1.1 (2019-11-12): Added solution for SINAMICS S120 V4.7, SINAMICS S150, SINAMICS G130 V4.7, SINAMICS G150 and SINAMICS SL150 V4.7
V1.2 (2020-01-14): Added solution for SIMATIC S7-1200 and S7-1500 Software and Open Controller. SIPLUS devices now explicitly mentioned in the list of affected products
V1.3 (2020-02-11): Added solution for SINAMICS DCP
V1.4 (2020-03-10): Added solution for SIMATIC S7-300 CPU family
V1.5 (2020-04-14): Added solution for SIMATIC ET200MP IM155-5 PN HF
V1.6 (2020-07-14): Added SIMATIC TDC CP51M1 and CPU555 to the list of affected products
V1.7 (2020-08-11): Added solution for SIMATIC PN/PN Coupler. Added SIMATIC ET200ecoPN product variants (MLFB IDs) that are not affected
V1.8 (2020-09-08): Added solution for EK-ERTEC 200P and S7-410 V8
V1.9 (2021-01-12): Added solution for SIMATIC ET200SP IM155-6 PN HA and added ecoPN model (6ES7148-6JG00-0BB0) as not affected
V2.0 (2021-06-08): Added solution for SIMATIC ET200SP IM155-6 PN HS
V2.1 (2021-10-12): Clarified affected ET200ecoPN models
V2.2 (2022-02-08): Clarified that no remediation is planned for ET200 devices
V2.3 (2022-08-09): No fix planned for SIMATIC S7-400 PN/DP V6 and below CPU family
V2.4 (2022-12-13): Added fix for SINUMERIK 840D sl; no fix planned for PROFINET development/evaluation kits - DK Standard Ethernet Controller and EK-ERTEC 200; SIMATIC S7-300 CPU family expanded with product specific designations, patch links and MLFBs
V2.5 (2023-01-10): No fix planned for remaining products
V2.6 (2023-05-09): Expanded SIMATIC S7-400 V7 CPU family (incl. SIPLUS variants) to individual products and MLFBs; added fix for SIMATIC S7-400 PN/DP V7 CPUs; clarified that other S7-400 V7 CPUs are not affected
V2.7 (2024-07-09): Listed affected products individually instead of product families (e.g., for SIMATIC ET 200AL/MP/SP/pro IM families); added affected SIPLUS devices (e.g., SIPLUS ET 200xx IM)