CVE-2019-13939
published 2020-01-16CVE-2019-13939: A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions = V2.8.2 = V2.8.2 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 =…
high7.1CVSS 4.0
AVAACLATNPRNUINVCNVILVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions = V2.8.2 = V2.8.2 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | apogee_mec_mbc_pxc | — | — |
| siemens | apogee_modular_building_controller_firmware | < 2.8.2 | 2.8.2 |
| siemens | apogee_modular_equiment_controller_firmware | < 2.8.2 | 2.8.2 |
| siemens | apogee_pxc_compact | < V3.5.3 | V3.5.3 |
| siemens | apogee_pxc_compact | >= V2.8.2 < V2.8.19 | V2.8.19 |
| siemens | apogee_pxc_firmware | <= 2.8.2 | — |
| siemens | apogee_pxc_modular | < V3.5.3 | V3.5.3 |
| siemens | apogee_pxc_modular | >= V2.8.2 < V2.8.19 | V2.8.19 |
| siemens | capital_embedded_ar_classic_431-422 | < * | * |
| siemens | capital_embedded_ar_classic_r20-11 | < V2303 | V2303 |
| siemens | desigo_pxc00-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc00-e.d_firmware | >= 2.3.0 < 6.00.327 | 6.00.327 |
| siemens | desigo_pxc00-u | — | — |
| siemens | desigo_pxc00-u_firmware | >= 2.3.0 < 6.00.327 | 6.00.327 |
| siemens | desigo_pxc001-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc001-e.d_firmware | >= 2.3.0 < 6.00.327 | 6.00.327 |
| siemens | desigo_pxc100-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc12-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc12-e.d_firmware | >= 2.3.0 < 6.00.327 | 6.00.327 |
| siemens | desigo_pxc128-u | — | — |
| siemens | desigo_pxc200-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc22-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc22-e.d_firmware | >= 2.3.0 < 6.00.327 | 6.00.327 |
| siemens | desigo_pxc22.1-e.d | >= V2.3 < V6.0.327 | V6.0.327 |
| siemens | desigo_pxc22.1-e.d_firmware | >= 2.3.0 < 6.00.327 | 6.00.327 |