CVE-2019-10953
HIGHABB PM554-TP-ETH Firmware - Denial of Service via Network Packet Flood
Title source: llmDescription
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108413
Mitigation, Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03
Scores
CVSS v3
7.5
EPSS
0.0367
EPSS Percentile
88.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
CWE-770
Status
published
Products (25)
None/ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers
Multiple
ABB/1SAP120600R0071 PM554-TP-ETH
Multiple
abb/pm554-tp-eth_firmware
Phoenix Contact/2700974 ILC 151 ETH
Multiple
Phoenix Contact/ILC 191 ETH 2TX
Multiple
phoenixcontact/ilc_151_eth_firmware
Schneider Electric/EcoStruxure Machine Expert – Basic
< v1.0
Schneider Electric/EcoStruxure Machine Expert – Basic
v1.0
Schneider Electric/Modicon M221
< v1.10.0.0
Schneider Electric/Modicon M221
v1.10.0.0
... and 15 more
Published
Apr 17, 2019
Tracked Since
Feb 18, 2026