CVE-2019-13939

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

Se ha identificado una vulnerabilidad en APOGEE MEC/MBC/PXC (P2) (Todas las versiones anteriores a V2.8.2), APOGEE PXC Series (BACnet) (Todas las versiones anteriores a V3.5.3), APOGEE PXC Series (P2) (Todas las versiones posteriores o iguales a V2. 8.2 y anteriores a V2.8.19), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC001-E. D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00. 327), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00. 327), Desigo PXC22.1-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC50-E. D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00. 327), Nucleus NET (Todas las versiones), Nucleus RTOS (Todas las versiones), Nucleus ReadyStart para ARM, MIPS y PPC (Todas las versiones anteriores a V2017.02.2 con parche "Nucleus 2017.02. 02 Nucleus NET Patch"), Nucleus SafetyCert (Todas las versiones), Nucleus Source Code (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.3.0.330), TALON TC Series (BACnet) (Todas las versiones anteriores a V3.5.3), VSTAR (Todas las versiones). Al enviar paquetes DHCP especialmente diseñados a un dispositivo donde el cliente DHCP está habilitado, un atacante podría cambiar la dirección IP del dispositivo a un valor no válido. La vulnerabilidad podría afectar a la disponibilidad e integridad del dispositivo. Se requiere acceso a la red adyacente, pero no se necesita autenticación ni interacción del usuario para realizar un ataque

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-07-18 CVE Reserved
2020-01-16 CVE Published
2024-02-14 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (5)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf	2024-02-13
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf	2024-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Apogee Modular Equiment Controller Firmware Search vendor "Siemens" for product "Apogee Modular Equiment Controller Firmware"	< 2.8.2 Search vendor "Siemens" for product "Apogee Modular Equiment Controller Firmware" and version " < 2.8.2"	-	Affected	in	Siemens Search vendor "Siemens"	Apogee Modular Equiment Controller Search vendor "Siemens" for product "Apogee Modular Equiment Controller"	-	-	Safe
Siemens Search vendor "Siemens"	Apogee Modular Building Controller Firmware Search vendor "Siemens" for product "Apogee Modular Building Controller Firmware"	< 2.8.2 Search vendor "Siemens" for product "Apogee Modular Building Controller Firmware" and version " < 2.8.2"	-	Affected	in	Siemens Search vendor "Siemens"	Apogee Modular Building Controller Search vendor "Siemens" for product "Apogee Modular Building Controller"	-	-	Safe
Siemens Search vendor "Siemens"	Apogee Pxc Firmware Search vendor "Siemens" for product "Apogee Pxc Firmware"	<= 2.8.2 Search vendor "Siemens" for product "Apogee Pxc Firmware" and version " <= 2.8.2"	-	Affected	in	Siemens Search vendor "Siemens"	Apogee Pxc Search vendor "Siemens" for product "Apogee Pxc"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc Firmware Search vendor "Siemens" for product "Desigo Pxc Firmware"	>= 2.3 Search vendor "Siemens" for product "Desigo Pxc Firmware" and version " >= 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc Search vendor "Siemens" for product "Desigo Pxc"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxm20 Firmware Search vendor "Siemens" for product "Desigo Pxm20 Firmware"	>= 2.3 Search vendor "Siemens" for product "Desigo Pxm20 Firmware" and version " >= 2.3"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxm20 Search vendor "Siemens" for product "Desigo Pxm20"	-	-	Safe
Siemens Search vendor "Siemens"	Simotics Connect 400 Firmware Search vendor "Siemens" for product "Simotics Connect 400 Firmware"	<= 0.3.0.95 Search vendor "Siemens" for product "Simotics Connect 400 Firmware" and version " <= 0.3.0.95"	-	Affected	in	Siemens Search vendor "Siemens"	Simotics Connect 400 Search vendor "Siemens" for product "Simotics Connect 400"	-	-	Safe
Siemens Search vendor "Siemens"	Talon Tc Firmware Search vendor "Siemens" for product "Talon Tc Firmware"	>= 3.0 Search vendor "Siemens" for product "Talon Tc Firmware" and version " >= 3.0"	-	Affected	in	Siemens Search vendor "Siemens"	Talon Tc Search vendor "Siemens" for product "Talon Tc"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc00-e.d Firmware Search vendor "Siemens" for product "Desigo Pxc00-e.d Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc00-e.d Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc00-e.d Search vendor "Siemens" for product "Desigo Pxc00-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc00-u Firmware Search vendor "Siemens" for product "Desigo Pxc00-u Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc00-u Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc00-u Search vendor "Siemens" for product "Desigo Pxc00-u"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc001-e.d Firmware Search vendor "Siemens" for product "Desigo Pxc001-e.d Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc001-e.d Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc001-e.d Search vendor "Siemens" for product "Desigo Pxc001-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc12-e.d Firmware Search vendor "Siemens" for product "Desigo Pxc12-e.d Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc12-e.d Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc12-e.d Search vendor "Siemens" for product "Desigo Pxc12-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc22-e.d Firmware Search vendor "Siemens" for product "Desigo Pxc22-e.d Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc22-e.d Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc22-e.d Search vendor "Siemens" for product "Desigo Pxc22-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc22.1-e.d Firmware Search vendor "Siemens" for product "Desigo Pxc22.1-e.d Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc22.1-e.d Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc22.1-e.d Search vendor "Siemens" for product "Desigo Pxc22.1-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigo Pxc36.1-e.d Firmware Search vendor "Siemens" for product "Desigo Pxc36.1-e.d Firmware"	>= 2.3.0 < 6.00.327 Search vendor "Siemens" for product "Desigo Pxc36.1-e.d Firmware" and version " >= 2.3.0 < 6.00.327"	-	Affected	in	Siemens Search vendor "Siemens"	Desigo Pxc36.1-e.d Search vendor "Siemens" for product "Desigo Pxc36.1-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigopxc50-e.d Firmware Search vendor "Siemens" for product "Desigopxc50-e.d Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Desigopxc50-e.d Search vendor "Siemens" for product "Desigopxc50-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigopxc64-u Firmware Search vendor "Siemens" for product "Desigopxc64-u Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Desigopxc64-u Search vendor "Siemens" for product "Desigopxc64-u"	-	-	Safe
Siemens Search vendor "Siemens"	Desigopxc100-e.d Firmware Search vendor "Siemens" for product "Desigopxc100-e.d Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Desigopxc100-e.d Search vendor "Siemens" for product "Desigopxc100-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigopxc128-u Firmware Search vendor "Siemens" for product "Desigopxc128-u Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Desigopxc128-u Search vendor "Siemens" for product "Desigopxc128-u"	-	-	Safe
Siemens Search vendor "Siemens"	Desigopxc200-e.d Firmware Search vendor "Siemens" for product "Desigopxc200-e.d Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Desigopxc200-e.d Search vendor "Siemens" for product "Desigopxc200-e.d"	-	-	Safe
Siemens Search vendor "Siemens"	Desigopxm20-e Firmware Search vendor "Siemens" for product "Desigopxm20-e Firmware"	-	-	Affected	in	Siemens Search vendor "Siemens"	Desigopxm20-e Search vendor "Siemens" for product "Desigopxm20-e"	-	-	Safe
Siemens Search vendor "Siemens"		Capital Vstar Search vendor "Siemens" for product "Capital Vstar"				*		-		Affected
Siemens Search vendor "Siemens"		Nucleus Net Search vendor "Siemens" for product "Nucleus Net"				*		-		Affected
Siemens Search vendor "Siemens"		Nucleus Readystart Search vendor "Siemens" for product "Nucleus Readystart"				< 2017.02.2 Search vendor "Siemens" for product "Nucleus Readystart" and version " < 2017.02.2"		-		Affected
Siemens Search vendor "Siemens"		Nucleus Safetycert Search vendor "Siemens" for product "Nucleus Safetycert"				*		-		Affected
Siemens Search vendor "Siemens"		Nucleus Source Code Search vendor "Siemens" for product "Nucleus Source Code"				*		-		Affected
Siemens Search vendor "Siemens"		Nucleus Rtos Search vendor "Siemens" for product "Nucleus Rtos"				*		-		Affected