Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-162506.html | |
https://cert-portal.siemens.com/productcert/html/ssa-434032.html | |
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf | Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf | Vendor Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 | Third Party Advisory US Government Resource |
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
Configuration 20 (hide)
AND |
|
Configuration 21 (hide)
AND |
|
13 Feb 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. | |
CWE | CWE-20 |
09 May 2023, 16:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens desigo Pxc00-e.d Firmware
Siemens desigopxc200-e.d Siemens desigopxc100-e.d Firmware Siemens desigo Pxc00-e.d Siemens desigo Pxc12-e.d Firmware Siemens desigo Pxc12-e.d Siemens desigo Pxc00-u Firmware Siemens desigopxm20-e Firmware Siemens desigopxc64-u Firmware Siemens desigopxm20-e Siemens desigopxc50-e.d Siemens desigopxc50-e.d Firmware Siemens desigo Pxc00-u Siemens desigo Pxc001-e.d Siemens desigopxc100-e.d Siemens desigopxc200-e.d Firmware Siemens desigo Pxc22.1-e.d Firmware Siemens desigopxc64-u Siemens desigo Pxc001-e.d Firmware Siemens desigo Pxc36.1-e.d Siemens desigopxc128-u Firmware Siemens desigo Pxc22-e.d Firmware Siemens desigo Pxc36.1-e.d Firmware Siemens desigo Pxc22.1-e.d Siemens desigopxc128-u Siemens desigo Pxc22-e.d |
|
CPE | cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigopxc50-e.d_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigopxc200-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigopxc200-e.d_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigopxc100-e.d_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigopxc50-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigopxm20-e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigopxm20-e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigopxc128-u_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigopxc100-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigopxc64-u:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigopxc128-u:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigopxc64-u_firmware:-:*:*:*:*:*:*:* |
|
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06 - Third Party Advisory, US Government Resource |
20 May 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. |
20 May 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. |
12 Apr 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. |
12 Apr 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. |
09 Nov 2021, 14:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:* |
14 Jan 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 Jan 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions >= V3.0), APOGEE PXC Series (P2) (All versions >= V2.8.2), Desigo PXC (Power PC) (All versions >= V2.3x and < V6.00.327), Desigo PXM20 (Power PC) (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions <= V0.3.0.95), TALON TC Series (BACnet) (All versions >= V3.0), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. |
Published : 2020-01-16 16:15
Updated : 2024-02-13 09:15
NVD link : CVE-2019-13939
Mitre link : CVE-2019-13939
CVE.ORG link : CVE-2019-13939
JSON object : View
siemens
- desigo_pxc001-e.d_firmware
- desigo_pxc36.1-e.d
- apogee_modular_equiment_controller_firmware
- nucleus_readystart
- simotics_connect_400_firmware
- talon_tc
- desigopxc50-e.d_firmware
- desigopxc64-u
- desigo_pxm20
- capital_vstar
- talon_tc_firmware
- nucleus_net
- apogee_modular_building_controller_firmware
- nucleus_source_code
- apogee_pxc
- desigo_pxc00-e.d
- desigopxc100-e.d_firmware
- desigo_pxc_firmware
- apogee_pxc_firmware
- desigopxm20-e
- desigopxc200-e.d_firmware
- apogee_modular_equiment_controller
- nucleus_rtos
- nucleus_safetycert
- desigo_pxc00-u
- desigo_pxc22.1-e.d_firmware
- desigo_pxc36.1-e.d_firmware
- desigo_pxc
- desigopxm20-e_firmware
- desigo_pxc001-e.d
- desigopxc64-u_firmware
- desigopxc128-u_firmware
- desigopxc50-e.d
- desigo_pxc12-e.d_firmware
- desigo_pxm20_firmware
- desigo_pxc12-e.d
- desigo_pxc22.1-e.d
- desigo_pxc22-e.d
- desigopxc100-e.d
- desigo_pxc00-e.d_firmware
- apogee_modular_building_controller
- simotics_connect_400
- desigopxc128-u
- desigo_pxc22-e.d_firmware
- desigopxc200-e.d
- desigo_pxc00-u_firmware