LiveActive security incident?Get immediate response
CVE Record

CVE-2019-13939: A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact...

A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8.2 < V2.8.19), Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Desigo PXC00-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC100-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC12-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC50-E.D (All versions >= V2.3 < V6.0.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.

HighCVSS 7.1Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This Siemens vulnerability can let an unauthenticated attacker on the same network disrupt affected controllers by abusing DHCP handling. The reported impact is mainly availability: a device can be assigned an invalid IP address, potentially interrupting building automation or embedded device operations.

Executive priority

Treat this as a high-priority OT availability issue where affected devices support building operations. Prioritize sites with DHCP enabled, shared networks, or limited segmentation. It is less urgent for isolated devices or products already above the Siemens fixed-version thresholds.

Technical view

CVE-2019-13939 is an input validation flaw in DHCP client handling across listed Siemens APOGEE, Desigo, TALON, Capital Embedded, Nucleus, and SIMOTICS products. Specially crafted DHCP packets can change a device IP address to an invalid value when DHCP client functionality is enabled. CVSS is 7.1, adjacent network, low complexity, no privileges, no user interaction.

Likely exposure

Exposure is most likely in operational technology or building automation networks using affected Siemens controllers or embedded components with DHCP client enabled. The attacker needs adjacent network access, so flat facilities networks, shared VLANs, or weakly controlled maintenance networks increase risk.

Exploitation context

The provided sources do not show CISA KEV listing or confirmed active exploitation. The attack is not described as internet-routable; the CVSS vector requires adjacent network access. Evidence supports disruption potential, not confidentiality impact.

Researcher notes

Key validation points are product family, exact version, DHCP client state, and network adjacency. The source bundle names many affected ranges but does not provide exploit details. Avoid assuming internet exposure or active exploitation without additional evidence.

Mitigation direction

  • Upgrade affected products to Siemens-listed non-affected versions where available.
  • For products listed as all versions affected, follow Siemens advisory guidance.
  • Disable DHCP client functionality where operationally safe and supported.
  • Restrict access to building automation and OT network segments.
  • Monitor for unexpected IP address changes on affected devices.

Validation and detection

  • Inventory Siemens APOGEE, Desigo, TALON, Capital Embedded, Nucleus, and SIMOTICS assets.
  • Compare firmware or software versions against the affected ranges.
  • Confirm whether DHCP client functionality is enabled on each device.
  • Review network segmentation for adjacent access to affected devices.
  • Check logs or asset monitoring for unexpected IP changes.
Prepared
Confidence
high
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-13939 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.1 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
6Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.1CVSS 3.1HighCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H2.84.2Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

7.1High
CVSS 3.1 vector shape for CVE-2019-13939Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
SiemensAPOGEE MEC/MBC/PXC (P2)All versions < V2.8.2unknown
SiemensAPOGEE PXC Compact (BACnet)0unknown
SiemensAPOGEE PXC Compact (P2 Ethernet)V2.8.2unknown
SiemensAPOGEE PXC Modular (BACnet)0unknown
SiemensAPOGEE PXC Modular (P2 Ethernet)V2.8.2unknown
SiemensCapital Embedded AR Classic 431-4220unknown
SiemensCapital Embedded AR Classic R20-110unknown
SiemensDesigo PXC00-E.DV2.3unknown
SiemensDesigo PXC00-UAll versions >= V2.3x and < V6.00.327unknown
SiemensDesigo PXC001-E.DV2.3unknown
SiemensDesigo PXC100-E.DV2.3unknown
SiemensDesigo PXC12-E.DV2.3unknown
SiemensDesigo PXC128-UAll versions >= V2.3x and < V6.00.327unknown
SiemensDesigo PXC200-E.DV2.3unknown
SiemensDesigo PXC22-E.DV2.3unknown
SiemensDesigo PXC22.1-E.DV2.3unknown
SiemensDesigo PXC36.1-E.DV2.3unknown
SiemensDesigo PXC50-E.DV2.3unknown
SiemensDesigo PXC64-UAll versions >= V2.3x and < V6.00.327unknown
SiemensDesigo PXM20-EV2.3unknown
SiemensNucleus NET0unknown
SiemensNucleus ReadyStart V30unknown
SiemensNucleus Source Code0unknown
SiemensSIMOTICS CONNECT 400All versions < V0.3.0.330unknown
SiemensTALON TC Compact (BACnet)0unknown
SiemensTALON TC Modular (BACnet)0unknown
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-20 · source CWE mapping

Improper Input Validation

Improper Input Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.