Business Logic Errors in Siemens Hardware solutions

#VU26962 Business Logic Errors in Siemens Hardware solutions

Published: 2020-04-15

Vulnerability identifier: #VU26962

Vulnerability risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13939

CWE-ID: CWE-840

Exploitation vector: Local network

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a remote attacker to change the IP address of the device to an invalid value.

The vulnerability exists due to logical errors. A remote attacker on the local network can make device configuration changes and affect its availability.

This vulnerability affects the following products and versions:

APOGEE MEC/MBC/PXC (P2): All versions prior to 2.8.2
APOGEE PXC Series (BACnet): All versions, 3.0 and newer
APOGEE PCX Series (P2): All versions, 2.8.2 and newer
Desigo PXC (Power PC): All versions, 2.3x and newer
Desigo PXM20 (Power PC): All versions, 2.3x and newer
SIMOTICS CONNECT 400: All versions prior to 0.3.0.330
TALON TC Series (BACnet): All versions, 3.0 and newer

Mitigation
Install updates from vendor's website.

Vulnerable software versions

APOGEE MEC: All versions

APOGEE MBC: All versions

APOGEE PXC: All versions

APOGEE PCX: All versions

Desigo PXC: All versions

Desigo PXM20: All versions

SIMOTICS CONNECT 400: All versions

TALON TC Series: All versions

External links
http://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Business Logic Errors in Siemens SIMOTICS, Desigo, APOGEE, and TALON