Siemens Desigo PX Devices External Control of Assumed-Immutable Web Parameter (CVE-2019-13927)

medium Tenable OT Security Plugin ID 500761

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in the following products:

- Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (all firmware versions < V6.00.320)
- Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (all firmware versions < V6.00.320)
- Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (all firmware versions < V6.00.320)

The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device.
Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has an update available for the following affected products:

- PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2: Install v6.00.320 or a later version.
- PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2: Install v6.00.320 or a later version.
- PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server: Install v6.00.320 or a later version.

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce risk:

- Ensure the PX Web interface is accessible only from trusted networks.

As a general security measure, Siemens strongly recommends customers protect network access to affected products with appropriate mechanisms. Siemens advises all users to follow recommended security practices to run the devices in a protected environment.

For more information on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: http://www.siemens.com/cert/advisories

For more information on the vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-898181 at the following location: http://www.siemens.com/cert/advisories

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-19-318-03

Plugin Details

Severity: Medium

ID: 500761

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 1/25/2023

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2019-13927

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:pxc50-e.d_firmware, cpe:/o:siemens:pxc200-e.d_firmware, cpe:/o:siemens:pxc100-e.d_firmware, cpe:/o:siemens:pxc00-e.d_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/12/2019

Vulnerability Publication Date: 12/12/2019

Reference Information

CVE: CVE-2019-13927

CWE: 668

ICSA: 19-318-03