CVE-2019-13939
16.01.2020, 16:15
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.Enginsight
| Vendor | Product | Version |
|---|---|---|
| siemens | capital_vstar | * |
| siemens | nucleus_net | * |
| siemens | nucleus_readystart | 𝑥 < 2017.02.2 |
| siemens | nucleus_safetycert | * |
| siemens | nucleus_source_code | * |
| siemens | nucleus_rtos | * |
| siemens | apogee_modular_equiment_controller_firmware | 𝑥 < 2.8.2 |
| siemens | apogee_modular_building_controller_firmware | 𝑥 < 2.8.2 |
| siemens | apogee_pxc_firmware | 𝑥 ≤ 2.8.2 |
| siemens | desigo_pxc_firmware | 2.3 ≤ |
| siemens | desigo_pxm20_firmware | 2.3 ≤ |
| siemens | simotics_connect_400_firmware | 𝑥 ≤ 0.3.0.95 |
| siemens | talon_tc_firmware | 3.0 ≤ |
| siemens | desigo_pxc00-e.d_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigo_pxc00-u_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigo_pxc001-e.d_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigo_pxc12-e.d_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigo_pxc22-e.d_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigo_pxc22.1-e.d_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigo_pxc36.1-e.d_firmware | 2.3.0 ≤ 𝑥 < 6.00.327 |
| siemens | desigopxc50-e.d_firmware | - |
| siemens | desigopxc64-u_firmware | - |
| siemens | desigopxc100-e.d_firmware | - |
| siemens | desigopxc128-u_firmware | - |
| siemens | desigopxc200-e.d_firmware | - |
| siemens | desigopxm20-e_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References