Authentication bypass in Siemens Desigo PXC devices



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2018-4834
CWE-ID: CWE-287
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vendor: Siemens

Vulnerable software

Desigo Operator Unit PXM20-E (Hardware solutions / Firmware)

Desigo Automation Controllers for Integration PXC001-E.D (Hardware solutions / Firmware)

Desigo Automation Controllers PXC00/64/128-U (Hardware solutions / Firmware)

Desigo Automation Controllers Modular PXC00/50/100/200-E.D (Hardware solutions / Firmware)

Desigo Automation Controllers Compact PXC12/22/36-E.D (Hardware solutions / Firmware)

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Authentication bypass

EUVDB-ID: #VU10253

Risk: Low

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-4834

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists in Siemens Desigo PXC devices due to insufficient authentication checks. A remote attacker can bypass authentication and upload malicious firmware for further attacks.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to version 6.00.204.

Vulnerable software versions

Desigo Operator Unit PXM20-E: 6.00

Desigo Automation Controllers for Integration PXC001-E.D: 6.00

Desigo Automation Controllers PXC00/64/128-U: 6.00

Desigo Automation Controllers Modular PXC00/50/100/200-E.D: 6.00

Desigo Automation Controllers Compact PXC12/22/36-E.D: 6.00

External links

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


