CVE-2019-13939 — Improper Input Validation in Siemens Apogee PXC Compact

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.1HIGHNVD

EPSS

0.3%

top 42.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Apogee PXC Compact Siemens Apogee PXC Modular Siemens Capital Embedded AR Classic 431-422 +36 more

Timeline

PublishedJan 16

Latest updateMay 24

Description

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions = V2.8.2 = V2.8.2 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending speciall…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Packages39 packages

▶CVEListV5siemens/nucleus_source_code< *

▶NVDsiemens/nucleus_readystart< 2017.02.2

▶CVEListV5siemens/nucleus_readystart_v3< V2017.02.3

▶CVEListV5siemens/nucleus_net< *

▶CVEListV5siemens/talon_tc_compact< V3.5.3

🔴Vulnerability Details

GHSA

GHSA-jpvr-c9fc-2r4h: A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All version↗2022-05-24

▶

CVEList

CVE-2019-13939: A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions = V2↗2020-01-16

▶