CVE-2019-13939
Summary
| CVE | CVE-2019-13939 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-16 16:15:00 UTC |
| Updated | 2023-05-09 16:27:00 UTC |
| Description | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Siemens | Apogee Modular Building Controller | - | All | All | All |
| Operating System | Siemens | Apogee Modular Building Controller Firmware | All | All | All | All |
| Hardware | Siemens | Apogee Modular Equiment Controller | - | All | All | All |
| Operating System | Siemens | Apogee Modular Equiment Controller Firmware | All | All | All | All |
| Hardware | Siemens | Apogee Pxc | - | All | All | All |
| Operating System | Siemens | Apogee Pxc Firmware | All | All | All | All |
| Application | Siemens | Capital Vstar | All | All | All | All |
| Hardware | Siemens | Desigopxc100-e.d | - | All | All | All |
| Operating System | Siemens | Desigopxc100-e.d Firmware | - | All | All | All |
| Hardware | Siemens | Desigopxc128-u | - | All | All | All |
| Operating System | Siemens | Desigopxc128-u Firmware | - | All | All | All |
| Hardware | Siemens | Desigopxc200-e.d | - | All | All | All |
| Operating System | Siemens | Desigopxc200-e.d Firmware | - | All | All | All |
| Hardware | Siemens | Desigopxc50-e.d | - | All | All | All |
| Operating System | Siemens | Desigopxc50-e.d Firmware | - | All | All | All |
| Hardware | Siemens | Desigopxc64-u | - | All | All | All |
| Operating System | Siemens | Desigopxc64-u Firmware | - | All | All | All |
| Hardware | Siemens | Desigopxm20-e | - | All | All | All |
| Operating System | Siemens | Desigopxm20-e Firmware | - | All | All | All |
| Hardware | Siemens | Desigo Pxc | - | All | All | All |
| Hardware | Siemens | Desigo Pxc00-e.d | - | All | All | All |
| Operating System | Siemens | Desigo Pxc00-e.d Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxc00-u | - | All | All | All |
| Operating System | Siemens | Desigo Pxc00-u Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxc001-e.d | - | All | All | All |
| Operating System | Siemens | Desigo Pxc001-e.d Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxc12-e.d | - | All | All | All |
| Operating System | Siemens | Desigo Pxc12-e.d Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxc22-e.d | - | All | All | All |
| Operating System | Siemens | Desigo Pxc22-e.d Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxc22.1-e.d | - | All | All | All |
| Operating System | Siemens | Desigo Pxc22.1-e.d Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxc36.1-e.d | - | All | All | All |
| Operating System | Siemens | Desigo Pxc36.1-e.d Firmware | All | All | All | All |
| Operating System | Siemens | Desigo Pxc Firmware | All | All | All | All |
| Hardware | Siemens | Desigo Pxm20 | - | All | All | All |
| Operating System | Siemens | Desigo Pxm20 Firmware | All | All | All | All |
| Application | Siemens | Nucleus Net | All | All | All | All |
| Application | Siemens | Nucleus Readystart | All | All | All | All |
| Operating System | Siemens | Nucleus Rtos | All | All | All | All |
| Application | Siemens | Nucleus Safetycert | All | All | All | All |
| Application | Siemens | Nucleus Source Code | All | All | All | All |
| Hardware | Siemens | Simotics Connect 400 | - | All | All | All |
| Operating System | Siemens | Simotics Connect 400 Firmware | All | All | All | All |
| Hardware | Siemens | Talon Tc | - | All | All | All |
| Operating System | Siemens | Talon Tc Firmware | All | All | All | All |
| Application | Siemens | Vstar | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Siemens SIMOTICS, Desigo, APOGEE, and TALON \| CISA | MISC | us-cert.cisa.gov | |
| cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf | MISC | cert-portal.siemens.com | Vendor Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf | CONFIRM | cert-portal.siemens.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590707 Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update B) Vulnerability (ICSA-20-105-06)