CVE-2019-13927 : Vulnerability Insights and Analysis

Discover the security flaw in Siemens AG's Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U, PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with Desigo PX Web modules, impacting firmware versions below V6.00.320. Learn about the impact, affected systems, exploitation, and mitigation steps.

A security flaw has been discovered in Siemens AG's Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U, PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with various Desigo PX Web modules, affecting firmware versions below V6.00.320.

Understanding CVE-2019-13927

This CVE identifies a vulnerability that allows attackers to disrupt the web server of affected devices by sending a customized HTTP message through the web server port (tcp/80).

What is CVE-2019-13927?

The vulnerability in Siemens AG's Desigo PX automation controllers allows attackers to compromise the availability of the device's web service without requiring system privileges or user interaction.

The Impact of CVE-2019-13927

        Attackers can disrupt the web server, after which it answers requests with HTTP status code 404 until the device is rebooted to restore the web interface.
        No known public exploitation of this vulnerability has been reported at the time of the advisory's publication.

Technical Details of CVE-2019-13927

Siemens AG's Desigo PX automation controllers are affected by this vulnerability.

Vulnerability Description

        Attackers can disrupt the web server by sending a customized HTTP message through the web server port (tcp/80).

Affected Systems and Versions

        Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2.
        Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2.
        Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server.
        All firmware versions below V6.00.320 are vulnerable.
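
An inventory triage check for the affected-systems list above, as an added example that is not from Siemens or the original page. The asset record layout (`name`, `model`, `web_module`, `web_server_enabled`, `firmware`) and the sample inventory are assumptions constructed for illustration, and the `V<major>.<minor>.<build>` version format is inferred from the string V6.00.320.

```python
import re

FIXED = (6, 0, 320)  # V6.00.320: versions below this are vulnerable per the page
W40 = {"PXA40-W0", "PXA40-W1", "PXA40-W2"}
W30 = {"PXA30-W0", "PXA30-W1", "PXA30-W2"}
# Controller model -> web modules that make it affected; None = built-in web server.
AFFECTED = {
    **dict.fromkeys(("PXC00-E.D", "PXC50-E.D", "PXC100-E.D", "PXC200-E.D"), W40),
    **dict.fromkeys(("PXC00-U", "PXC64-U", "PXC128-U"), W30),
    **dict.fromkeys(("PXC22.1-E.D", "PXC36-E.D", "PXC36.1-E.D"), None),
}

def parse_fw(text):
    """Parse 'V6.00.320' into (6, 0, 320). The format is an assumption."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_exposed(asset):
    """Return (exposed, reason) for one inventory record (hypothetical layout)."""
    model = asset.get("model")
    if model not in AFFECTED:
        return False, "model not listed"
    modules = AFFECTED[model]
    if modules is None and not asset.get("web_server_enabled"):
        return False, "web server not activated"
    if modules is not None and asset.get("web_module") not in modules:
        return False, "no affected web module fitted"
    try:
        fw = parse_fw(str(asset.get("firmware", "")))
    except ValueError:
        # Fail closed: an unreadable version is triaged as vulnerable.
        return True, "firmware unknown, treat as vulnerable"
    if fw < FIXED:
        return True, "firmware below V6.00.320"
    return False, "firmware at or above V6.00.320"

def exposed_names(inventory):
    return [a["name"] for a in inventory if is_exposed(a)[0]]

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"name": "ahu-1", "model": "PXC100-E.D", "web_module": "PXA40-W1", "firmware": "V5.10.120"},
    {"name": "ahu-2", "model": "PXC100-E.D", "web_module": "PXA40-W1", "firmware": "V6.00.320"},
    {"name": "plant-3", "model": "PXC36-E.D", "web_server_enabled": False, "firmware": "V5.00.010"},
    {"name": "plant-4", "model": "PXC64-U", "web_module": "PXA30-W2", "firmware": "unknown"},
]
```

Records with a missing or unparseable firmware string are reported as exposed so they get a manual check rather than being silently cleared.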

Exploitation Mechanism

        Attackers need network access to the affected device to exploit the vulnerability.

Mitigation and Prevention

Immediate Steps to Take:

        Monitor Siemens AG's security advisories for patches and updates.
        Implement network segmentation to restrict access to affected devices.

Long-Term Security Practices:

        Regularly update firmware to the latest version.
        Conduct security assessments to identify and mitigate vulnerabilities.
        Train staff on cybersecurity best practices.
        Implement intrusion detection systems to monitor network traffic.

Patching and Updates:

        Apply patches provided by Siemens AG to address the vulnerability.
