CVE-2019-13939

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

CVSS v3 7.1 HIGH
CVSS v2.0 4.8 MEDIUM

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06	Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf	Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:capital_vstar::::::::
	cpe:2.3:a:siemens:nucleus_net::::::::
	cpe:2.3:a:siemens:nucleus_readystart::::::::
	cpe:2.3:a:siemens:nucleus_safetycert::::::::
	cpe:2.3:a:siemens:nucleus_source_code::::::::
	cpe:2.3:o:siemens:nucleus_rtos::::::::

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:desigo_pxm20_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxm20:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:talon_tc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:talon_tc:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:desigopxc50-e.d_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigopxc50-e.d:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:desigopxc64-u_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigopxc64-u:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:desigopxc100-e.d_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigopxc100-e.d:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:desigopxc128-u_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigopxc128-u:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:desigopxc200-e.d_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigopxc200-e.d:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:desigopxm20-e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigopxm20-e:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:25

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-162506.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-162506.html -
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-434032.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-434032.html -
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf - Vendor Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf - Vendor Advisory
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf - Vendor Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf - Vendor Advisory
References	~~() https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 - Third Party Advisory, US Government Resource~~	() https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 - Third Party Advisory, US Government Resource

13 Feb 2024, 09:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack.	A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
References		() https://cert-portal.siemens.com/productcert/html/ssa-162506.html - () https://cert-portal.siemens.com/productcert/html/ssa-434032.html -
CWE	~~NVD-CWE-noinfo~~	CWE-20

09 May 2023, 16:27

Type	Values Removed	Values Added
References	~~(MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 -~~	(MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 - Third Party Advisory, US Government Resource
First Time		Siemens desigo Pxc12-e.d Siemens desigo Pxc12-e.d Firmware Siemens desigo Pxc36.1-e.d Firmware Siemens desigopxc128-u Siemens desigo Pxc001-e.d Siemens desigo Pxc00-e.d Siemens desigopxc200-e.d Firmware Siemens desigopxc64-u Firmware Siemens desigopxm20-e Siemens desigopxc100-e.d Siemens desigopxc50-e.d Firmware Siemens desigopxc100-e.d Firmware Siemens desigo Pxc001-e.d Firmware Siemens desigo Pxc22-e.d Siemens desigopxm20-e Firmware Siemens desigo Pxc22.1-e.d Siemens desigo Pxc36.1-e.d Siemens desigo Pxc22.1-e.d Firmware Siemens desigo Pxc00-u Firmware Siemens desigopxc64-u Siemens desigopxc200-e.d Siemens desigo Pxc00-u Siemens desigo Pxc22-e.d Firmware Siemens desigopxc50-e.d Siemens desigopxc128-u Firmware Siemens desigo Pxc00-e.d Firmware
CPE		cpe:2.3:h:siemens:desigopxc50-e.d:-:::::::* cpe:2.3:h:siemens:desigopxc64-u:-:::::::* cpe:2.3:h:siemens:desigo_pxc22-e.d:-:::::::* cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:::::::: cpe:2.3:o:siemens:desigopxc128-u_firmware:-:::::::* cpe:2.3:o:siemens:desigopxc100-e.d_firmware:-:::::::* cpe:2.3:h:siemens:desigo_pxc12-e.d:-:::::::* cpe:2.3:h:siemens:desigo_pxc001-e.d:-:::::::* cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:::::::: cpe:2.3:o:siemens:desigo_pxc00-u_firmware:::::::: cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:::::::* cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:::::::: cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:::::::: cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:::::::: cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:::::::: cpe:2.3:h:siemens:desigo_pxc00-e.d:-:::::::* cpe:2.3:o:siemens:desigopxc200-e.d_firmware:-:::::::* cpe:2.3:h:siemens:desigopxc128-u:-:::::::* cpe:2.3:o:siemens:desigopxc50-e.d_firmware:-:::::::* cpe:2.3:h:siemens:desigo_pxc00-u:-:::::::* cpe:2.3:o:siemens:desigopxc64-u_firmware:-:::::::* cpe:2.3:h:siemens:desigopxm20-e:-:::::::* cpe:2.3:h:siemens:desigopxc100-e.d:-:::::::* cpe:2.3:h:siemens:desigopxc200-e.d:-:::::::* cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:::::::* cpe:2.3:o:siemens:desigopxm20-e_firmware:-:::::::*

Information

Published : 2020-01-16 16:15

Updated : 2025-03-11 10:15

NVD link : CVE-2019-13939

Mitre link : CVE-2019-13939

CVE.ORG link : CVE-2019-13939

JSON object : View

Products Affected

siemens

desigo_pxc00-u_firmware
desigopxm20-e
desigo_pxc36.1-e.d_firmware
nucleus_readystart
desigo_pxc00-u
nucleus_source_code
apogee_modular_equiment_controller_firmware
desigo_pxc22.1-e.d_firmware
desigo_pxc001-e.d
desigo_pxc36.1-e.d
desigopxc50-e.d_firmware
nucleus_safetycert
talon_tc_firmware
apogee_pxc_firmware
desigopxm20-e_firmware
desigo_pxc001-e.d_firmware
nucleus_rtos
desigo_pxc00-e.d
desigo_pxm20_firmware
apogee_modular_building_controller
desigopxc50-e.d
desigo_pxm20
desigopxc100-e.d_firmware
simotics_connect_400_firmware
simotics_connect_400
desigopxc200-e.d_firmware
desigopxc128-u
desigo_pxc00-e.d_firmware
desigo_pxc
talon_tc
desigo_pxc22-e.d
apogee_modular_building_controller_firmware
capital_vstar
apogee_modular_equiment_controller
desigo_pxc22.1-e.d
desigo_pxc_firmware
desigopxc64-u
desigo_pxc22-e.d_firmware
desigopxc100-e.d
desigo_pxc12-e.d_firmware
nucleus_net
desigo_pxc12-e.d
desigopxc128-u_firmware
desigopxc200-e.d
desigopxc64-u_firmware
apogee_pxc

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

7.1 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.8 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-13939

7.1^/10

4.8^/10

Attach tags to `CVE-2019-13939`