CVE-2019-13939

Published Jan 16, 2020
Last updated 2 months ago
CVSS high 7.1
Overview

Description: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
Source: productcert@siemens.com
NVD status: Modified
Risk scores

CVSS 4.0

Type: Secondary
Base score: 7.1
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH
CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 4.8
Impact score: 4.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:N/I:P/A:P
Weaknesses

productcert@siemens.com: CWE-20
nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE16530A-D354-43A0-A2C7-DB312646C69C",
            "versionEndExcluding": "2017.02.2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_safetycert:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ED0DBA9-FFB1-407C-8429-BCD24DCB33FF"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44"
          },
          {
            "criteria": "cpe:2.3:o:siemens:nucleus_rtos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "485540AD-9966-49B0-AC24-BEFE81C4D4E3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8240E52-8D3B-40AF-944F-5AD993279B07",
            "versionEndExcluding": "2.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7945BF7D-AB3A-4285-9C58-D56149ADFC15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "217F3116-5F09-4D60-BD65-8960401434AF",
            "versionEndExcluding": "2.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B5F978E7-3DD9-4948-BFFB-E7273003477B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1206DD28-16D8-4F71-BABA-FDCE3CD9A91D",
            "versionEndIncluding": "2.8.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "741E43A3-43D1-4ECF-915A-92E035FF8903",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D8ED54EF-1BAB-465B-A4D1-E779F63CF4F0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxm20_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "669CAA1B-9E47-4331-8E1F-92D562F3CFF2",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxm20:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "408DD298-FAC6-45E6-BF04-832C16B13927"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E01F98E1-441B-48CC-90FC-E9391D65844E",
            "versionEndIncluding": "0.3.0.95"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48BFF9EF-D1C1-4107-8D1E-51315C03FFF0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:talon_tc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EC32195-D888-4A8B-AC77-D0C98A83E88A",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:talon_tc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F30FF737-174E-4760-A454-1DD174B4C966"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC441789-6954-48E7-9A42-1A2993C93066",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A1727849-2FD8-40A2-91D3-E0C9662B45BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E396F519-8055-486E-A2DB-F9E6DD5B1E2D",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD39D011-8AE2-46FE-9207-C110E2FBC07C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ACD8296-AC32-42CE-8B8D-A3F6FFD7A869",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DCC50C13-FA05-4459-BA1E-482D886B842B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6B65BC2-7D65-4216-8B3A-773825297CFE",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DDA404C0-FD6D-47CC-950C-E5DCC993C8E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C4CDD0E-FAB0-4F44-96AB-9ADDEFB456EC",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4A4D84CE-07AB-4305-9C48-54392772D4EB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5B66D45-3F60-469D-ADF6-ECB02567970C",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E67F374-BF75-4334-A6D5-AB570E0A70D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1C11C33-5757-44C5-9CC2-4BC3F287DD75",
            "versionEndExcluding": "6.00.327",
            "versionStartIncluding": "2.3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1CA7EF94-2EE2-4B53-A544-F675306DF84F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigopxc50-e.d_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93AC0E5C-5A08-43E4-88E5-7681755126F0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigopxc50-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F2D5B24-63B5-41C8-B20B-98699C4979F9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigopxc64-u_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCB6399E-E7BD-4469-8166-B03B74E421BE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigopxc64-u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "980885C3-B98A-4AC9-AB86-A8BBFF23F37D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigopxc100-e.d_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9118355-1BBC-43C7-9923-0F8FAEA70D40"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigopxc100-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "93E5FEC8-EAE9-4235-91EE-FE68CCE19C43"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigopxc128-u_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD7B8DC6-A346-4D4B-B6F6-9831E7D1F999"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigopxc128-u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BF17316C-DDD6-42F9-A147-6729632D9902"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigopxc200-e.d_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED820905-73EA-41F8-A2C5-17CD6BCF1707"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigopxc200-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E05F84E0-808C-4C40-9D50-9BE0117B791E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigopxm20-e_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EFE56A4-408F-4807-A76D-B54AD9C85C28"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigopxm20-e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "162C32E8-05CD-40A2-AB56-17CE4D85842F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 4.0

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
