Vulnerabilities > Siemens > EK Ertec 200 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2019-13946 Resource Exhaustion vulnerability in Siemens products
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be exploited by an attacker with network access to an affected device.
network
low complexity
siemens CWE-400
7.5
2019-10-10 CVE-2019-10936 Resource Exhaustion vulnerability in Siemens products
Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition.
network
low complexity
siemens CWE-400
7.5
2019-10-10 CVE-2019-10923 Resource Exhaustion vulnerability in Siemens products
An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation.
network
low complexity
siemens CWE-400
7.5