CVE-2019-13939

Name: CVE-2019-13939
Creator: NVD / NIST
Published: 2020-01-16T16:15:16.277+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 0.71%

Last modified Jun 17, 2026

CVE-2019-13939 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.. EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS 4.0

7.1/10

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.71%

49.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Siemens	Capital Vstar	All versions
Siemens	Nucleus Net	All versions
Siemens	Nucleus Readystart	< 2017.02.2
Siemens	Nucleus Safetycert	All versions
Siemens	Nucleus Source Code	All versions
Siemens	Nucleus Rtos	All versions
Siemens	Apogee Modular Equiment Controller Firmware	< 2.8.2
Siemens	Apogee Modular Building Controller Firmware	< 2.8.2
Siemens	Apogee Pxc Firmware	<= 2.8.2
Siemens	Desigo Pxc Firmware	>= 2.3
Siemens	Desigo Pxm20 Firmware	>= 2.3
Siemens	Simotics Connect 400 Firmware	<= 0.3.0.95
Siemens	Talon Tc Firmware	>= 3.0
Siemens	Desigo Pxc00-E.D Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigo Pxc00-U Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigo Pxc001-E.D Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigo Pxc12-E.D Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigo Pxc22-E.D Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigo Pxc22.1-E.D Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigo Pxc36.1-E.D Firmware	>= 2.3.0, < 6.00.327
Siemens	Desigopxc50-E.D Firmware	All versions
Siemens	Desigopxc64-U Firmware	All versions
Siemens	Desigopxc100-E.D Firmware	All versions
Siemens	Desigopxc128-U Firmware	All versions
Siemens	Desigopxc200-E.D Firmware	All versions
Siemens	Desigopxm20-E Firmware	All versions

References

https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdfVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06Third Party Advisory, US Government Resource
https://cert-portal.siemens.com/productcert/html/ssa-162506.html
https://cert-portal.siemens.com/productcert/html/ssa-434032.html
https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdfVendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdfVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06Third Party Advisory, US Government Resource

Timeline

Published: Jan 16, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-13939?

How severe is CVE-2019-13939?

CVE-2019-13939 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.

How do I fix CVE-2019-13939?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-13939?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST