CVE-2019-13927

🗓️ 12 Dec 2019 13:19:51Reported by siemensType

cve🔗 web.nvd.nist.gov👁 105 Views🌐 WEB

Vulnerability in Desigo PX automation controllers with potential denial of servic

Reporter	Title	Published	Views	Family All 17
0day.today	Siemens Desigo PX 6.00 Denial Of Service Exploit	13 Nov 201900:00	–	zdt
BDU FSTEC	The vulnerability of the microprogramming software for Desigo PX arises from incorrect verification of input data by the PX Web service (port TCP/80). This allows a perpetrator to trigger a service failure.	13 Jan 202000:00	–	bdu_fstec
Circl	CVE-2019-13927	11 Mar 202407:07	–	circl
CNVD	Siemens Desigo PX Web Remote Denial of Service Vulnerability	13 Nov 201900:00	–	cnvd
Cvelist	CVE-2019-13927	12 Dec 201913:19	–	cvelist
Exploit DB	Siemens Desigo PX 6.00 - Denial of Service (PoC)	14 Nov 201900:00	–	exploitdb
EUVD	EUVD-2019-5197	7 Oct 202500:30	–	euvd
exploitpack	Siemens Desigo PX 6.00 - Denial of Service (PoC)	14 Nov 201900:00	–	exploitpack
ICS	Siemens Desigo PX Devices	12 Nov 201900:00	–	ics
NVD	CVE-2019-13927	12 Dec 201914:15	–	nvd

NVD

Node

siemens pxc00-e.d_firmwareRange<6.00.320

AND

siemens pxc00-e.dMatch-

Node

siemens pxc50-e.d_firmwareRange<6.00.320

AND

siemens pxc50-e.dMatch-

Node

siemens pxc100-e.d_firmwareRange<6.00.320

AND

siemens pxc100-e.dMatch-

Node

siemens pxc200-e.d_firmwareRange<6.00.320

AND

siemens pxc200-e.dMatch-

Node

siemens pxa40-w0_firmwareRange<6.00.320

AND

siemens pxa40-w0Match-

Node

siemens pxa40-w1_firmwareRange<6.00.320

AND

siemens pxa40-w1Match-

Node

siemens pxa40-w2_firmwareRange<6.00.320

AND

siemens pxa40-w2Match-

Node

siemens pxc00-u_firmwareRange<6.00.320

AND

siemens pxc00-uMatch-

Node

siemens pxc64-u_firmwareRange<6.00.320

AND

siemens pxc64-uMatch-

Node

siemens pxc128-u_firmwareRange<6.00.320

AND

siemens pxc128-uMatch-

Node

siemens pxa30-w0_firmwareRange<6.00.320

AND

siemens pxa30-w0Match-

Node

siemens pxa30-w1_firmwareRange<6.00.320

AND

siemens pxa30-w1Match-

Node

siemens pxa30-w2_firmwareRange<6.00.320

AND

siemens pxa30-w2Match-

Node

siemens pxc22.1-e.d_firmwareRange<6.00.320

AND

siemens pxc22.1-e.dMatch-

Node

siemens pxc36-e.d_firmwareRange<6.00.320

AND

siemens pxc36-e.dMatch-

Node

siemens pxc36.1-e.d_firmwareRange<6.00.320

AND

siemens pxc36.1-e.dMatch-

[
  {
    "product": "Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All firmware versions < V6.00.320"
      }
    ]
  },
  {
    "product": "Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All firmware versions < V6.00.320"
      }
    ]
  },
  {
    "product": "Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All firmware versions < V6.00.320"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf

Parameter	Position	Path	Description	CWE
dir	query param	/dir?dir=../../.	Denial-of-service via crafted HTTP request to web server using directory traversal to trigger vulnerability	CWE-472, CWE-668

17 Jun 2026 02:17Current

5.2Medium risk

Vulners AI Score5.2

CVSS 25

CVSS 3.15.3

EPSS0.01675

desigo px automation controllers vulnerability denial of service web server security firmware http nvd cve-2019-13927