CVE-2019-10953 - Vulnerability Details

ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abb	Pm554-tp-eth Pm554-tp-eth Firmware
Phoenixcontact	Ilc 151 Eth Ilc 151 Eth Firmware
Schneider-electric	Modicon M221 Modicon M221 Firmware
Siemens	6ed1052-1cc01-0ba8 6ed1052-1cc01-0ba8 Firmware 6es7211-1ae40-0xb0 6es7211-1ae40-0xb0 Firmware 6es7314-6eh04-0ab0 6es7314-6eh04-0ab0 Firmware
Wago	Bacnet\/ip Bacnet\/ip Firmware Ethernet Ethernet Firmware Knx Ip Knx Ip Firmware Pfc100 Pfc100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:abb:pm554-tp-eth_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:abb:pm554-tp-eth:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:phoenixcontact:ilc_151_eth_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phoenixcontact:ilc_151_eth:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:modicon_m221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:modicon_m221:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:6es7211-1ae40-0xb0_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7211-1ae40-0xb0:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:6es7314-6eh04-0ab0_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6es7314-6eh04-0ab0:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:6ed1052-1cc01-0ba8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:6ed1052-1cc01-0ba8:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:wago:knx_ip_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wago:knx_ip:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:wago:pfc100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:wago:ethernet_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wago:ethernet:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:wago:bacnet\/ip_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:wago:bacnet\/ip:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/108413
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03

History

Fri, 29 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2019-04-17T14:02:15.000Z

Updated: 2026-05-29T14:45:20.435Z

Reserved: 2019-04-08T00:00:00.000Z

Link: CVE-2019-10953

Vulnrichment

Updated: 2024-08-04T22:40:15.294Z

NVD

Status : Modified

Published: 2019-04-17T15:29:00.843

Modified: 2026-05-29T16:16:20.270

Link: CVE-2019-10953

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object