Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5637

Summary
Assigner-rapid7
Assigner Org ID-9974b330-7714-4307-a722-5648477acda7
Published At-21 Nov, 2019 | 19:16
Updated At-17 Sep, 2024 | 01:35
Rejected At-
Credits

Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:rapid7
Assigner Org ID:9974b330-7714-4307-a722-5648477acda7
Published At:21 Nov, 2019 | 19:16
Updated At:17 Sep, 2024 | 01:35
Rejected At:
▼CVE Numbering Authority (CNA)
Beckhoff TwinCAT Profinet Driver Divide-by-Zero Denial of Service

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

Affected Products
Vendor
Beckhoff Automation GmbH & Co. KGBeckhoff
Product
TwinCAT 2
Versions
Affected
  • From 2304 through 2304 (custom)
Vendor
Beckhoff Automation GmbH & Co. KGBeckhoff
Product
TwinCAT 3.1
Versions
Affected
  • From 4204.0 through 4204.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-369CWE-369 Divide By Zero
Type: CWE
CWE ID: CWE-369
Description: CWE-369 Divide By Zero
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
This issue was discovered, and reported to Rapid7, by Andreas Galauner at Rapid7. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
x_refsource_MISC
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
x_refsource_CONFIRM
Hyperlink: https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
Resource:
x_refsource_MISC
Hyperlink: https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
x_refsource_MISC
x_transferred
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
x_refsource_CONFIRM
x_transferred
Hyperlink: https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@rapid7.com
Published At:21 Nov, 2019 | 20:15
Updated At:04 Feb, 2020 | 23:15

When Beckhoff TwinCAT is configured to use the Profinet driver, a denial of service of the controller could be reached by sending a malformed UDP packet to the device. This issue affects TwinCAT 2 version 2304 (and prior) and TwinCAT 3.1 version 4204.0 (and prior).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Beckhoff Automation GmbH & Co. KG
beckhoff
>>twincat>>3.1.4022.30
cpe:2.3:o:beckhoff:twincat:3.1.4022.30:*:*:*:*:*:*:*
Beckhoff Automation GmbH & Co. KG
beckhoff
>>twincat_cx2030>>-
cpe:2.3:h:beckhoff:twincat_cx2030:-:*:*:*:*:*:*:*
Beckhoff Automation GmbH & Co. KG
beckhoff
>>twincat_cx5140>>-
cpe:2.3:h:beckhoff:twincat_cx5140:-:*:*:*:*:*:*:*
Beckhoff Automation GmbH & Co. KG
beckhoff
>>twincat>>3.1.4022.29
cpe:2.3:o:beckhoff:twincat:3.1.4022.29:*:*:*:*:*:*:*
Beckhoff Automation GmbH & Co. KG
beckhoff
>>twincat_cx5140>>-
cpe:2.3:h:beckhoff:twincat_cx5140:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-369Primarynvd@nist.gov
CWE-369Secondarycve@rapid7.com
CWE ID: CWE-369
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-369
Type: Secondary
Source: cve@rapid7.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/cve@rapid7.com
Exploit
Third Party Advisory
https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdfcve@rapid7.com
Mitigation
Vendor Advisory
Hyperlink: https://blog.rapid7.com/2019/10/08/r7-2019-32-denial-of-service-vulnerabilities-in-beckhoff-twincat-plc-environment-fixed/
Source: cve@rapid7.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://download.beckhoff.com/download/Document/product-security/Advisories/advisory-2019-007.pdf
Source: cve@rapid7.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

61Records found
CVE-2023-38677
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 08:11
Updated-17 Apr, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FPE in paddle.linalg.eig

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-369
Divide By Zero
CVE-2023-38672
Matching Score-4
Assigner-Baidu, Inc.
ShareView Details
Matching Score-4
Assigner-Baidu, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.10% / 27.78%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 11:04
Updated-23 Oct, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FPE in paddle.linalg.matrix_power

FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.

Action-Not Available
Vendor-paddlepaddlePaddlePaddle
Product-paddlepaddlePaddlePaddle
CWE ID-CWE-369
Divide By Zero
CVE-2016-9112
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.90%
||
7 Day CHG~0.00%
Published-29 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

Action-Not Available
Vendor-uclouvainn/a
Product-openjpegn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-5323
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.21%
||
7 Day CHG~0.00%
Published-20 Jan, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.

Action-Not Available
Vendor-n/aopenSUSELibTIFF
Product-opensuselibtiffn/a
CWE ID-CWE-369
Divide By Zero
CVE-2016-3623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 80.89%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0.

Action-Not Available
Vendor-n/aLibTIFFopenSUSE
Product-libtiffopensusen/a
CWE ID-CWE-369
Divide By Zero
CVE-2012-0207
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-7.5||HIGH
EPSS-13.17% / 93.87%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_eusn/a
CWE ID-CWE-369
Divide By Zero
CVE-2025-23321
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.95%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 12:38
Updated-12 Aug, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-triton_inference_serverwindowslinux_kernelTriton Inference Server
CWE ID-CWE-369
Divide By Zero
CVE-2019-14494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.27%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 16:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

Action-Not Available
Vendor-n/aFedora Projectfreedesktop.orgDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-ubuntu_linuxdebian_linuxfedoraenterprise_linuxpopplern/a
CWE ID-CWE-369
Divide By Zero
CVE-2021-33653
Matching Score-4
Assigner-openEuler
ShareView Details
Matching Score-4
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.59%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 16:25
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception.

Action-Not Available
Vendor-mindsporen/a
Product-mindsporeopenEuler:mindspore
CWE ID-CWE-369
Divide By Zero
CVE-2024-8063
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.06%
||
7 Day CHG+0.02%
Published-20 Mar, 2025 | 10:10
Updated-13 May, 2025 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Divide by Zero in ollama/ollama

A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF models with a crafted type for `block_count` in the Modelfile. This can lead to a denial of service (DoS) condition when the server processes the model, causing it to crash.

Action-Not Available
Vendor-ollamaollama
Product-ollamaollama/ollama
CWE ID-CWE-369
Divide By Zero
CVE-2021-20309
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.61%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 00:00
Updated-03 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImagemMagick
CWE ID-CWE-369
Divide By Zero
  • Previous
  • 1
  • 2
  • Next
Details not found