CVE-2019-10937
Description
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated attackers can cause a denial-of-service condition in Siemens SIMATIC TDC CP51M1 by sending a specially crafted UDP packet, affecting all versions before 1.1.7.
Vulnerability
SIMATIC TDC CP51M1 versions prior to 1.1.7 are vulnerable to improper input validation (CWE-20) in UDP communication. An attacker can send a specially crafted UDP packet to the device to trigger a denial-of-service condition [1].
Exploitation
The vulnerability can be exploited remotely over the network without authentication and without user interaction. The attacker only needs network access to send the malicious UDP packet to the affected device [1].
Impact
Successful exploitation leads to a denial-of-service condition that compromises the availability of the targeted system. The confidentiality and integrity are not affected [1].
Mitigation
Siemens recommends updating to version 1.1.7 or later. Workarounds include restricting network access and UDP communication to affected devices, and implementing defense-in-depth concepts [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < V1.1.7
- Siemens AG/SIMATIC TDC CP51M1v5Range: All versions < V1.1.7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cert-portal.siemens.com/productcert/pdf/ssa-250618.pdfmitrex_refsource_MISC
- www.us-cert.gov/ics/advisories/icsa-19-253-05mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.