Improper input validation in Siemens Apogee Mec/mbc/pxc (P2)
CVE-2019-13939
A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.003 (57.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H.
Affected products
- Siemens Apogee Mec/mbc/pxc (P2) — versions All versions < V2.8.2
- Siemens Apogee Pxc Compact (Bacnet) — versions 0
- Siemens Apogee Pxc Compact (P2 Ethernet) — versions V2.8.2
- Siemens Apogee Pxc Modular (Bacnet) — versions 0
- Siemens Apogee Pxc Modular (P2 Ethernet) — versions V2.8.2
- Siemens Capital Embedded Ar Classic 431-422 — versions 0
- Siemens Capital Embedded Ar Classic R20-11 — versions 0
- Siemens Desigo Pxc001-e.d — versions V2.3
- Siemens Desigo Pxc00-e.d — versions V2.3
- Siemens Desigo Pxc00-u — versions All versions >= V2.3x and < V6.00.327
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf (x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf (x_refsource_CONFIRM)
- us-cert.cisa.gov/ics/advisories/icsa-20-105-06 (x_refsource_MISC)
- cert-portal.siemens.com/productcert/html/ssa-434032.html
- cert-portal.siemens.com/productcert/html/ssa-162506.html
Frequently asked questions
- What is CVE-2019-13939?
- CVE-2019-13939 is a high-severity vulnerability in Siemens Apogee Mec/mbc/pxc (P2), classified under Improper Input Validation. CVSS score: 7.1/10. Published 2020-01-16.
- How severe is CVE-2019-13939?
- High severity. CVSS v3 base score is 7.1 out of 10.
- Is CVE-2019-13939 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.