Detections
Analytics
Siemens Desigo PX Devices External Control of Assumed-Immutable Web Parameter (CVE-2019-13927)
medium Tenable OT Security Plugin ID 500761
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device.Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens has an update available for the following affected products:
- PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2: Install v6.00.320 or a later version.
- PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2: Install v6.00.320 or a later version.
- PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server: Install v6.00.320 or a later version.
Siemens has identified the following specific workarounds and mitigations that users can apply to reduce risk:
- Ensure the PX Web interface is accessible only from trusted networks.
As a general security measure, Siemens strongly recommends customers protect network access to affected products with appropriate mechanisms. Siemens advises all users to follow recommended security practices to run the devices in a protected environment.
For more information on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT:http://www.siemens.com/cert/advisories
For more information on the vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-898181 at the following location: http://www.siemens.com/cert/advisories
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-19-318-03
Plugin Details
Severity: Medium
ID: 500761
Version: 1.4
Type: remote
Family: Tenable.ot
Published: 1/25/2023
Updated: 3/4/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 2.2
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2019-13927
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:pxc00-e.d_firmware, cpe:/o:siemens:pxc100-e.d_firmware, cpe:/o:siemens:pxc200-e.d_firmware, cpe:/o:siemens:pxc50-e.d_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/12/2019
Vulnerability Publication Date: 12/12/2019
Reference Information
CVE: CVE-2019-13927
CWE: 668