var-201912-1178
Vulnerability from variot
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. Several Siemens products are vulnerable to a resource leak into the wrong area.Service operation interruption (DoS) There is a possibility of being put into a state. The Desigo-PX automation station and operator unit control and monitor the building automation system. They allow alarm signals, time-based programs and trend recording. Desigo PX is a modern building automation and controlsystem for the entire field of building service plants
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-1178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pxc00-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc100-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc00-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc50-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc128-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa30-w1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa30-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc36-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc36.1-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa30-w0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc200-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc22.1-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxc64-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w0",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.00.320"
},
{
"model": "pxa40-w0",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w1",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w2",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc00-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc00-u",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc100-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc128-u",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc200-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc50-e.d",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxc64-u",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxa40-w1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc200-e.d with de-sigo px web modules pxa40-w0",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc100-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc50-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc00-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxa30-w2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxa30-w1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc128-u with desigo px web mod-ules pxa30-w0",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc64-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc00-u",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc36.1-e.d with activated webserver",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc36-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc22.1-e.d",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v6.00.320"
},
{
"model": "pxc00-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc00-u",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w0",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc100-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc36-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc36.1-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc50-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxa40-w2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "pxc200-e.d",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.5,
"vendor": "siemens",
"version": "all firmware versions \u0026lt; v6.00.320"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc00 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc128 u",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa30 w0",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa30 w1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa30 w2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc22 1 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc36 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc36 1 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc50 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc100 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc200 e d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa40 w0",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa40 w1",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxa40 w2",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc00 u",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pxc64 u",
"version": "*"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxc200-e.d"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxa40-w2"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxc128-u"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxa30-w2"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "pxc36.1-e.d"
},
{
"model": "desigo px v",
"scope": "eq",
"trust": 0.1,
"vendor": "siemens",
"version": "with activated web server"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:pxa40-w0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxa40-w1_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxa40-w2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc00-e.d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc00-u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc100-e.d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc128-u_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc200-e.d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc50-e.d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:pxc64-u_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13927",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40514",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "d3f319f9-c20f-4266-a625-8d3798935796",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13927",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13927",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13927",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-13927",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-40514",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2019-5542",
"trust": 0.1,
"value": "(3/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions \u003c V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions \u003c V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions \u003c V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device\u0027s web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device\u0027s web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known. Several Siemens products are vulnerable to a resource leak into the wrong area.Service operation interruption (DoS) There is a possibility of being put into a state. The Desigo-PX automation station and operator unit control and monitor the building automation system. They allow alarm signals, time-based programs and trend recording. Desigo PX is a modern building automation and controlsystem for the entire field of building service plants",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13927"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "ZSL",
"id": "ZSL-2019-5542"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/desigopx.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13927",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-898181",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2019-40514",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-318-03",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155321",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.4313",
"trust": 0.6
},
{
"db": "IVD",
"id": "D3F319F9-C20F-4266-A625-8D3798935796",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "47657",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2019-5542",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"id": "VAR-201912-1178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
}
],
"trust": 1.4819727942857144
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
}
]
},
"last_update_date": "2024-11-23T22:55:19.766000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-898181",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"
},
{
"title": "Patch for Siemens Desigo PX Web Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189931"
},
{
"title": "Siemens Desigo PX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102823"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.8
},
{
"problemtype": "CWE-472",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13927"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13927"
},
{
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-03"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155321/siemens-desigo-px-6.00-denial-of-service.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4313/"
},
{
"trust": 0.1,
"url": "https://support.industry.siemens.com/cs/document/109772802"
},
{
"trust": 0.1,
"url": "https://new.siemens.com/global/en/products/services/cert.html"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-898181.txt"
},
{
"trust": 0.1,
"url": "https://new.siemens.com/global/en/products/services/cert/hall-of-thanks.html"
},
{
"trust": 0.1,
"url": "https://new.siemens.com/global/en/company/stories/research-technologies/cybersecurity/rhythm-for-security.html"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171445"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/155321"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/47657"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/security-center/vulnerabilities/writeup/110866"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-13T00:00:00",
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"date": "2019-11-14T00:00:00",
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"date": "2019-12-12T14:15:14.897000",
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-15T00:00:00",
"db": "ZSL",
"id": "ZSL-2019-5542"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40514"
},
{
"date": "2020-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013813"
},
{
"date": "2019-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-799"
},
{
"date": "2024-11-21T04:25:42.927000",
"db": "NVD",
"id": "CVE-2019-13927"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Desigo PX Web Remote Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNVD",
"id": "CNVD-2019-40514"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "d3f319f9-c20f-4266-a625-8d3798935796"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-799"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…