CVE-2019-13939

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf	vendor advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf	vendor advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06	third party advisory us government resource
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/html/ssa-162506.html

Frequently Asked Questions

What is the severity of CVE-2019-13939?: CVE-2019-13939 has been scored as a high severity vulnerability.
How to fix CVE-2019-13939?: To fix CVE-2019-13939, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-13939 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-13939 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-13939?: CVE-2019-13939 affects Siemens Capital Embedded AR Classic 431-422, Siemens Capital Embedded AR Classic R20-11, Siemens Nucleus NET, Siemens Nucleus ReadyStart V3, Siemens Nucleus Source Code.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions