CVE-2019-13939

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
siemensCNA
7.1 HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
siemenscapital_vstar
*
siemensnucleus_net
*
siemensnucleus_readystart
𝑥
< 2017.02.2
siemensnucleus_safetycert
*
siemensnucleus_source_code
*
siemensnucleus_rtos
*
siemensapogee_modular_equiment_controller_firmware
𝑥
< 2.8.2
siemensapogee_modular_building_controller_firmware
𝑥
< 2.8.2
siemensapogee_pxc_firmware
𝑥
≤ 2.8.2
siemensdesigo_pxc_firmware
2.3 ≤
siemensdesigo_pxm20_firmware
2.3 ≤
siemenssimotics_connect_400_firmware
𝑥
≤ 0.3.0.95
siemenstalon_tc_firmware
3.0 ≤
siemensdesigo_pxc00-e.d_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigo_pxc00-u_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigo_pxc001-e.d_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigo_pxc12-e.d_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigo_pxc22-e.d_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigo_pxc22.1-e.d_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigo_pxc36.1-e.d_firmware
2.3.0 ≤
𝑥
< 6.00.327
siemensdesigopxc50-e.d_firmware
-
siemensdesigopxc64-u_firmware
-
siemensdesigopxc100-e.d_firmware
-
siemensdesigopxc128-u_firmware
-
siemensdesigopxc200-e.d_firmware
-
siemensdesigopxm20-e_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06