CVE-2019-13939

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-13939
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_safetycert:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:nucleus_rtos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm20_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm20:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:talon_tc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:desigopxc50-e.d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigopxc50-e.d:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:desigopxc64-u_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigopxc64-u:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:desigopxc100-e.d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigopxc100-e.d:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:desigopxc128-u_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigopxc128-u:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:desigopxc200-e.d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigopxc200-e.d:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:desigopxm20-e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigopxm20-e:-:*:*:*:*:*:*:*
History

13 Feb 2024, 09:15

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-20
References
  • () https://cert-portal.siemens.com/productcert/html/ssa-162506.html -
  • () https://cert-portal.siemens.com/productcert/html/ssa-434032.html -
Summary A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
Information

Published : 2020-01-16 16:15

Updated : 2024-02-28 17:28

NVD link : CVE-2019-13939

Mitre link : CVE-2019-13939

CVE.ORG link : CVE-2019-13939

JSON object : View

Products Affected

siemens

  • capital_vstar
  • apogee_modular_equiment_controller_firmware
  • desigo_pxm20
  • talon_tc
  • desigopxc200-e.d_firmware
  • desigo_pxc22.1-e.d
  • desigo_pxc_firmware
  • simotics_connect_400
  • desigo_pxc22.1-e.d_firmware
  • desigo_pxc22-e.d
  • desigo_pxc00-u
  • nucleus_readystart
  • simotics_connect_400_firmware
  • apogee_modular_building_controller_firmware
  • desigo_pxc22-e.d_firmware
  • desigo_pxc36.1-e.d_firmware
  • desigopxc64-u_firmware
  • nucleus_net
  • apogee_pxc_firmware
  • desigo_pxc00-u_firmware
  • desigo_pxc001-e.d
  • nucleus_safetycert
  • desigopxm20-e
  • desigo_pxc00-e.d_firmware
  • desigo_pxc12-e.d_firmware
  • desigopxc128-u
  • desigo_pxc00-e.d
  • nucleus_source_code
  • desigopxc200-e.d
  • desigopxc64-u
  • desigo_pxc12-e.d
  • nucleus_rtos
  • desigo_pxc
  • desigo_pxc36.1-e.d
  • desigopxc50-e.d
  • desigopxc128-u_firmware
  • apogee_pxc
  • desigopxc50-e.d_firmware
  • apogee_modular_equiment_controller
  • desigo_pxc001-e.d_firmware
  • desigopxc100-e.d
  • desigopxm20-e_firmware
  • apogee_modular_building_controller
  • desigopxc100-e.d_firmware
  • talon_tc_firmware
  • desigo_pxm20_firmware
CWE
CWE-20

Improper Input Validation

NVD-CWE-noinfo