Vulnerability CVE-2019-13939


Published: 2020-01-16

Description:
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack. At the time of advisory publication no public exploitation of this security vulnerability was known.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:A/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.8/10
4.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Siemens -> Nucleus net 
Siemens -> Nucleus readystart 
Siemens -> Nucleus safetycert 
Siemens -> Nucleus source code 
Siemens -> Vstar 
Siemens -> Nucleus rtos 

 References:
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf

Copyright 2022, cxsecurity.com

 

Back to Top