VAR-201912-1178
Vulnerability from variot - Updated: 2023-12-18 13:33

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

Several Siemens products are vulnerable to a resource leak into the wrong area. The affected service may be put into a denial-of-service (DoS) state. The Desigo-PX automation station and operator unit control and monitor the building automation system. They allow alarm signals, time-based programs and trend recording. Desigo PX is a modern building automation and control system for the entire field of building service plants.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pxc64-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa30-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc200-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc00-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa30-w1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc00-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc36.1-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc50-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc100-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc36-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc22.1-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa30-w0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc128-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w0",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc00-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc00-u",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc100-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc128-u",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc200-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc50-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc64-u",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxa40-w1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc200-e.d with de-sigo px web modules pxa40-w0",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc100-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc50-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc00-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxa30-w2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxa30-w1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc128-u with desigo px web mod-ules pxa30-w0",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc64-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc00-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc36.1-e.d with activated webserver",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc36-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc22.1-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc00-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc00-u",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w0",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc100-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc36-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc36.1-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc50-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc200-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.5,
"vendor": "siemens",
"version": "all firmware versions \u0026lt; v6.00.320"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc00 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc128 u",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa30 w0",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa30 w1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa30 w2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc22 1 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc36 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc36 1 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc50 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc100 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc200 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa40 w0",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa40 w1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa40 w2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc00 u",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc64 u",
"version": "*"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxc200-e.d"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxa40-w2"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxc128-u"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxa30-w2"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxc36.1-e.d"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "with activated web server"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc00-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc00-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc50-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc50-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc100-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc100-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc200-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc200-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxa40-w0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxa40-w0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxa40-w1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxa40-w1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxa40-w2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxa40-w2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc00-u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc00-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc64-u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc64-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc128-u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc128-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxa30-w0_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxa30-w0:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxa30-w1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxa30-w1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxa30-w2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxa30-w2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc22.1-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc36-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc36-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.00.320",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:pxc36.1-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13927",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40514",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "d3f319f9-c20f-4266-a625-8d3798935796",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13927",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13927",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-40514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2019-5542",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions \u003c V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions \u003c V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions \u003c V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device\u0027s web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device\u0027s web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. Several Siemens products are vulnerable to a resource leak into the wrong area.Service operation interruption (DoS) There is a possibility of being put into a state. The Desigo-PX automation station and operator unit control and monitor the building automation system. They allow alarm signals, time-based programs and trend recording. Desigo PX is a modern building automation and controlsystem for the entire field of building service plants",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "ZSL",
"id": "ZSL-2019-5542"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/desigopx.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13927",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-898181",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2019-40514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-318-03",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155321",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4313",
"trust": 0.6
},
{
"db": "IVD",
"id": "D3F319F9-C20F-4266-A625-8D3798935796",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "47657",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2019-5542",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"id": "VAR-201912-1178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
}
],
"trust": 1.538095242857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
}
]
},
"last_update_date": "2023-12-18T13:33:14.071000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-898181",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"
},
{
"title": "Patch for Siemens Desigo PX Web Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/189931"
},
{
"title": "Siemens Desigo PX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102823"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13927"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13927"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-03"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155321/siemens-desigo-px-6.00-denial-of-service.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4313/"
},
{
"trust": 0.1,
"url": "https://support.industry.siemens.com/cs/document/109772802"
},
{
"trust": 0.1,
"url": "https://new.siemens.com/global/en/products/services/cert.html"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-898181.txt"
},
{
"trust": 0.1,
"url": "https://new.siemens.com/global/en/products/services/cert/hall-of-thanks.html"
},
{
"trust": 0.1,
"url": "https://new.siemens.com/global/en/company/stories/research-technologies/cybersecurity/rhythm-for-security.html"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171445"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/155321"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/47657"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/security-center/vulnerabilities/writeup/110866"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"date": "2019-11-14T00:00:00",
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"date": "2019-12-12T14:15:14.897000",
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-15T00:00:00",
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"date": "2019-12-30T17:05:54.333000",
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"date": "2019-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Desigo PX Web Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
],
"trust": 0.8
}
}