{"containers": {"cna": {"affected": [{"product": "Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All firmware versions < V6.00.320"}]}, {"product": "Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All firmware versions < V6.00.320"}]}, {"product": "Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All firmware versions < V6.00.320"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-472", "description": "CWE-472: External Control of Assumed-Immutable Web Parameter", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-12T13:19:51", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2", "version": {"version_data": [{"version_value": "All firmware versions < V6.00.320"}]}}, {"product_name": "Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2", "version": {"version_data": [{"version_value": "All firmware versions < V6.00.320"}]}}, {"product_name": "Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server", "version": {"version_data": [{"version_value": "All firmware versions < V6.00.320"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-472: External Control of Assumed-Immutable Web Parameter"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:05:43.819Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13927", "datePublished": "2019-12-12T13:19:51", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.819Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc00-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17052CB2-6DE0-416D-9DB2-1785E827221D", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc00-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2580695E-E914-4F5D-8CEC-879AE370BDA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc50-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D3B0D0-05A7-45EC-9039-34A83A485FD7", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc50-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "F28BC059-20A6-43B2-AEFC-859C9B3F6F70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc100-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F94A6AB9-3C72-4850-9481-02CD9B51847D", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc100-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "83E47DD7-A641-45E5-A9E1-ED96F371862A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc200-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE48B0F-9BC3-4DC8-ABF5-69369F6E8D39", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc200-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C7674C3-8270-4B2B-85DE-2608C7CF760E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxa40-w0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D79FCDB5-18CA-460B-86A4-0697DF0F052C", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxa40-w0:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF00EDD0-0F29-44CA-AD49-E01A34B90449", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxa40-w1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9123E410-E1C3-4808-97FB-61D1A0941FA8", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxa40-w1:-:*:*:*:*:*:*:*", "matchCriteriaId": "84E81C14-9E15-4AE9-9883-AECED454CD1E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxa40-w2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "848E2AA0-DBC3-4A4C-9276-6DF32FCAEF23", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxa40-w2:-:*:*:*:*:*:*:*", "matchCriteriaId": "97179917-51DF-4A80-9965-DE7B92EDE27F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc00-u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "080142CF-91E6-45BF-B590-B97E83AC896D", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc00-u:-:*:*:*:*:*:*:*", "matchCriteriaId": "8548E08E-C4C3-4B5E-9164-1E84D42C58CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc64-u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6580B352-8978-4EB9-AF2B-5FFE257BC834", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc64-u:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D8F50DD-EC57-4611-9D29-D38C52D330BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc128-u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "14BB8609-0735-4A04-B1F9-375BC794C940", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc128-u:-:*:*:*:*:*:*:*", "matchCriteriaId": "531236E2-58B4-4494-AB6B-5958DCA9A371", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxa30-w0_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE1AEE82-7187-4119-B37C-AFE020D52C25", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxa30-w0:-:*:*:*:*:*:*:*", "matchCriteriaId": "46895F52-F2D1-4278-8818-55572F12072E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxa30-w1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF43BD80-AD97-4154-95CC-892095E83D84", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxa30-w1:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8D9E6C8-2697-449D-BDE1-3C7D79F96919", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxa30-w2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3123DBAC-A753-49FE-A4CC-BCD0F96D005D", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxa30-w2:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA335640-CCAE-4773-99F2-C589DF5582AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B46E686E-FFF2-41E1-B9E8-9E5E119C12FD", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc22.1-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0AA59A-F7AB-47DE-BE88-323B822C6798", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc36-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2513C09-E824-4189-9A0F-AC397F0EE956", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc36-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B0C77FC-D2DC-4957-AB98-40CDE729C312", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "38D1C9B7-0482-4C24-9F3E-1D87F98B603B", "versionEndExcluding": "6.00.320", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:pxc36.1-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB8C2811-C46F-4C23-BCFB-F1686698CC4C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en los controladores de automatizaci\u00f3n Desigo PX PXC00-ED, PXC50-ED, PXC100-ED, PXC200-ED con los m\u00f3dulos web Desigo PX PXA40-W0, PXA40-W1, PXA40-W2 (Todas las versiones de firmware anteriores a V6.00.320) , controladores de automatizaci\u00f3n Desigo PX PXC00-U, PXC64-U, PXC128-U con m\u00f3dulos web Desigo PX PXA30-W0, PXA30-W1, PXA30-W2 (todas las versiones de firmware anteriores a V6.00.320), controladores de automatizaci\u00f3n Desigo PX PXC22.1-ED, PXC36-ED, PXC36.1-ED con servidor web activado (Todas las versiones de firmware anteriores a V6.00.320). El dispositivo contiene una vulnerabilidad que podr\u00eda permitir a un atacante causar una condici\u00f3n de denegaci\u00f3n de servicio en el servidor web del dispositivo mediante el env\u00edo de un mensaje HTTP especialmente dise\u00f1ado hacia el puerto del servidor web (tcp/80). La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante con acceso de red en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito no requiere privilegios del sistema ni interacci\u00f3n del usuario. Un atacante podr\u00eda usar la vulnerabilidad para comprometer la disponibilidad del servicio web del dispositivo. Mientras el dispositivo se mantiene operativo, el servidor web responde con el c\u00f3digo de estado HTTP 404 (No encontrado) a cualquier nueva petici\u00f3n. Un reinicio es requerido para recuperar la interfaz web. Al momento de la publicaci\u00f3n del aviso, no era conocida la explotaci\u00f3n p\u00fablica de esta vulnerabilidad de seguridad."}], "id": "CVE-2019-13927", "lastModified": "2024-11-21T04:25:42.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-12T14:15:14.897", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}