CVE-2019-10936

Name: CVE-2019-10936
Creator: NVD / NIST
Published: 2019-10-10T14:15:14.707+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.07%

Last modified Jun 17, 2026

CVE-2019-10936 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.. EPSS estimates a 2.07% chance of exploitation in the next 30 days.

Description

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.07%

79.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Dk Standard Ethernet Controller Firmware	All versions
Siemens	Ek-Ertec 200 Firmware	All versions
Siemens	Ek-Ertec 200p Firmware	< 4.6
Siemens	Ek-Ertec 200p Firmware	4.6
Siemens	Simatic Cfu Pa Firmware	< 1.2.0
Siemens	Simatic Et 200al Firmware	All versions
Siemens	Simatic Et 200m Firmware	All versions
Siemens	Simatic Et 200mp Im 155-5 Pn Ba Firmware	< 4.3.0
Siemens	Simatic Et 200mp Im 155-5 Pn Hf Firmware	< 4.4.0
Siemens	Simatic Et 200mp Im 155-5 Pn St Firmware	All versions
Siemens	Simatic Et 200s Firmware	All versions
Siemens	Simatic Et 200sp Im 155-6 Pn Ba Firmware	All versions
Siemens	Simatic Et 200sp Im 155-6 Pn Ha Firmware	All versions
Siemens	Simatic Et 200sp Im 155-6 Pn Hf Firmware	< 4.2.2
Siemens	Simatic Et 200sp Im 155-6 Pn Hs Firmware	All versions
Siemens	Simatic Et 200sp Im 155-6 Pn St Firmware	All versions
Siemens	Simatic Et 200sp Im 155-6 Pn\/2 Hf Firmware	< 4.2.2
Siemens	Simatic Et 200sp Im 155-6 Pn\/3 Hf Firmware	< 4.2.1
Siemens	Simatic Et 200ecopn Firmware	All versions
Siemens	Simatic Et 200pro Firmware	All versions
Siemens	Simatic Hmi Comfort Outdoor Panels 7\" Firmware	All versions
Siemens	Simatic Hmi Comfort Outdoor Panels 15\" Firmware	All versions
Siemens	Simatic Hmi Comfort Panels 4\" Firmware	All versions
Siemens	Simatic Hmi Comfort Panels 22\" Firmware	All versions
Siemens	Simatic Hmi Ktp Mobile Panels Firmware	All versions
Siemens	Simatic Pn\/Pn Coupler Firmware	< 4.2.1
Siemens	Simatic Profinet Driver Firmware	< 2.1
Siemens	Simatic S7-1200 Cpu Firmware	< 4.4.0
Siemens	Simatic S7-1200 Cpu 1211c Firmware	< 4.4.0
Siemens	Simatic S7-1200 Cpu 1212c Firmware	< 4.4.0
Siemens	Simatic S7-1200 Cpu 1214c Firmware	< 4.4.0
Siemens	Simatic S7-1500 Cpu Firmware	< 2.0
Siemens	Simatic S7-1500s Cpu Firmware	< 2.0
Siemens	Simatic S7-1500t Cpu Firmware	< 2.0
Siemens	Simatic S7-1500 Cpu 1518 Firmware	< 2.0
Siemens	Simatic S7-1500 Cpu 1511c Firmware	< 2.0
Siemens	Simatic S7-1500 Cpu 1512c Firmware	< 2.0
Siemens	Simatic S7-300 Cpu Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 312 Ifm Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 313 Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 314 Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 314 Ifm Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 315 Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 315-2 Dp Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 316-2 Dp Firmware	< 3.3.17
Siemens	Simatic S7-300 Cpu 318-2 Firmware	< 3.3.17
Siemens	Simatic S7-400 Pn V7 Firmware	All versions
Siemens	Simatic S7-400 Dp V7 Firmware	All versions
Siemens	Simatic S7-400 V6 Firmware	< 6.0.9
Siemens	Simatic S7-400h V6 Firmware	< 6.0.9

Showing 50 of 79 affected configurations. See NVD for the full list.

References

Timeline

Published: Oct 10, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-10936?

Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.

How severe is CVE-2019-10936?

CVE-2019-10936 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.07% probability of exploitation in the next 30 days.

How do I fix CVE-2019-10936?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-10936?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST