APOGEE MEC, MBC, PXC: Use static IP address configuration. Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products). Siemens recommends the following mitigations and workarounds for the following products: Siemens reported this vulnerability to CISA. CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems. A CVSS v3 base score of 7.1 has been assigned the CVSS vector string is ( AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). 
This may allow an attacker to make device configuration changes and affect its availability.ĬVE-2019-13939 has been assigned to this vulnerability. The affected products could allow an attacker to change the IP address of the device to an invalid value.
#SIEMENS DESIGO INSIGHT RS232 SERIES#
TALON TC Series (BACnet): All versions, 3.0 and newerĤ.2 VULNERABILITY OVERVIEW 4.2.1 BUSINESS LOGIC ERRORS CWE-840. SIMOTICS CONNECT 400: All versions prior to 0.3.0.330. Desigo PXM20 (Power PC): All versions, 2.3x and newer. Desigo PXC (Power PC): All versions, 2.3x and newer. Desigo PXM20 (Power PC): All versions, 2.3x to v6.00.327. Desigo PXC (Power PC): All versions, 2.3x to v6.00.327. APOGEE PCX Series (P2): All versions, 2.8.2 and newer. APOGEE PXC Series (BACnet): All versions, 3.0 and newer. APOGEE MEC/MBC/PXC (P2): All versions prior to 2.8.2. Siemens reports the vulnerability affects the following products and versions: Successful exploitation of this vulnerability could allow an attacker to affect the availability and integrity of the device. This updated advisory is a follow-up to the original advisory titled ICSA-20-105-06 Siemens SIMOTICS, Desigo, APOGEE, and TALON that was published April 14, 2020, to the ICS webpage on. Equipment: SIMOTICS, Desigo, APOGEE, and TALON. ATTENTION: Exploitable from an adjacent network/low skill level to exploit.
0 kommentar(er)
