CVE-2019-10953
7.5 HIGH
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions
Published: 2019-04-17 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-400, CWE-770
Affected products
| Vendor | Product |
|---|---|
| abb | 6ed1052-1cc01-0ba8_firmware, 6es7211-1ae40-0xb0_firmware, 6es7314-6eh04-0ab0_firmware |
| phoenixcontact | 6ed1052-1cc01-0ba8_firmware, 6es7211-1ae40-0xb0_firmware, 6es7314-6eh04-0ab0_firmware |
| schneider-electric | 6ed1052-1cc01-0ba8_firmware, 6es7211-1ae40-0xb0_firmware, 6es7314-6eh04-0ab0_firmware |
| siemens | 6ed1052-1cc01-0ba8_firmware, 6es7211-1ae40-0xb0_firmware, 6es7314-6eh04-0ab0_firmware |
| wago | 6ed1052-1cc01-0ba8_firmware, 6es7211-1ae40-0xb0_firmware, 6es7314-6eh04-0ab0_firmware |
Description
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-10953)
- [Other](http://www.securityfocus.com/bid/108413)
- [Other](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2019/icsa-19-106-03.json)
- [Other](https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03)
Related CVEs
Same vendor
- CVE-2025-14774 — Incorrect Authorization vulnerability in ABB T-MAC Plus (7.4 HIGH)
- CVE-2025-14773 — Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus (8.0 HIGH)
- CVE-2025-14772 — Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus (8.8 HIGH)
- CVE-2025-14771 — Files or directories accessible to external parties vulnerability in ABB T-MAC Plus (9.9 CRITICAL)
- CVE-2026-6332 — CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information whic... (7.5 HIGH)
Same CWE
- CVE-2026-53460 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
- CVE-2026-47734 — Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
- CVE-2026-46702 — Russh is a Rust SSH client & server library (7.5 HIGH)
- CVE-2026-46689 — Kanidm is an identity management platform
- CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)