PT-2018-16559 · Siemens · Desigo Pxc100-E.D+10
Published 2018-01-24 · Updated 2023-06-13 · CVE-2018-4834
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Desigo PXC00-E.D versions V4.10 through V4.10.110
Desigo PXC00-E.D versions V5.00 through V5.0.170
Desigo PXC00-E.D versions V5.10 through V5.10.68
Desigo PXC00-E.D versions V6.00 through V6.0.203
Desigo PXC00/64/128-U versions V4.10 through V4.10.110 (only with web module)
Desigo PXC00/64/128-U versions V5.00 through V5.0.170 (only with web module)
Desigo PXC00/64/128-U versions V5.10 through V5.10.68 (only with web module)
Desigo PXC00/64/128-U versions V6.00 through V6.0.203 (only with web module)
Desigo PXC001-E.D versions V4.10 through V4.10.110
Desigo PXC001-E.D versions V5.00 through V5.0.170
Desigo PXC001-E.D versions V5.10 through V5.10.68
Desigo PXC001-E.D versions V6.00 through V6.0.203
Desigo PXC100-E.D versions V4.10 through V4.10.110
Desigo PXC100-E.D versions V5.00 through V5.0.170
Desigo PXC100-E.D versions V5.10 through V5.10.68
Desigo PXC100-E.D versions V6.00 through V6.0.203
Desigo PXC12-E.D versions V4.10 through V4.10.110
Desigo PXC12-E.D versions V5.00 through V5.0.170
Desigo PXC12-E.D versions V5.10 through V5.10.68
Desigo PXC12-E.D versions V6.00 through V6.0.203
Desigo PXC200-E.D versions V4.10 through V4.10.110
Desigo PXC200-E.D versions V5.00 through V5.0.170
Desigo PXC200-E.D versions V5.10 through V5.10.68
Desigo PXC200-E.D versions V6.00 through V6.0.203
Desigo PXC22-E.D versions V4.10 through V4.10.110
Desigo PXC22-E.D versions V5.00 through V5.0.170
Desigo PXC22-E.D versions V5.10 through V5.10.68
Desigo PXC22-E.D versions V6.00 through V6.0.203
Desigo PXC22.1-E.D versions V4.10 through V4.10.110
Desigo PXC22.1-E.D versions V5.00 through V5.0.170
Desigo PXC22.1-E.D versions V5.10 through V5.10.68
Desigo PXC22.1-E.D versions V6.00 through V6.0.203
Desigo PXC36.1-E.D versions V4.10 through V4.10.110
Desigo PXC36.1-E.D versions V5.00 through V5.0.170
Desigo PXC36.1-E.D versions V5.10 through V5.10.68
Desigo PXC36.1-E.D versions V6.00 through V6.0.203
Desigo PXC50-E.D versions V4.10 through V4.10.110
Desigo PXC50-E.D versions V5.00 through V5.0.170
Desigo PXC50-E.D versions V5.10 through V5.10.68
Desigo PXC50-E.D versions V6.00 through V6.0.203
Desigo PXM20-E versions V4.10 through V4.10.110
Desigo PXM20-E versions V5.00 through V5.0.170
Desigo PXM20-E versions V5.10 through V5.10.68
Desigo PXM20-E versions V6.00 through V6.0.203
Description
A remote attacker with network access to the device could potentially upload a new firmware image to the device without prior authentication.
Recommendations
Update Desigo PXC00-E.D to version V4.10.111 or later
Update Desigo PXC00-E.D to version V5.0.171 or later
Update Desigo PXC00-E.D to version V5.10.69 or later
Update Desigo PXC00-E.D to version V6.0.204 or later
Update Desigo PXC00/64/128-U to version V4.10.111 or later (only with web module)
Update Desigo PXC00/64/128-U to version V5.0.171 or later (only with web module)
Update Desigo PXC00/64/128-U to version V5.10.69 or later (only with web module)
Update Desigo PXC00/64/128-U to version V6.0.204 or later (only with web module)
Update Desigo PXC001-E.D to version V4.10.111 or later
Update Desigo PXC001-E.D to version V5.0.171 or later
Update Desigo PXC001-E.D to version V5.10.69 or later
Update Desigo PXC001-E.D to version V6.0.204 or later
Update Desigo PXC100-E.D to version V4.10.111 or later
Update Desigo PXC100-E.D to version V5.0.171 or later
Update Desigo PXC100-E.D to version V5.10.69 or later
Update Desigo PXC100-E.D to version V6.0.204 or later
Update Desigo PXC12-E.D to version V4.10.111 or later
Update Desigo PXC12-E.D to version V5.0.171 or later
Update Desigo PXC12-E.D to version V5.10.69 or later
Update Desigo PXC12-E.D to version V6.0.204 or later
Update Desigo PXC200-E.D to version V4.10.111 or later
Update Desigo PXC200-E.D to version V5.0.171 or later
Update Desigo PXC200-E.D to version V5.10.69 or later
Update Desigo PXC200-E.D to version V6.0.204 or later
Update Desigo PXC22-E.D to version V4.10.111 or later
Update Desigo PXC22-E.D to version V5.0.171 or later
Update Desigo PXC22-E.D to version V5.10.69 or later
Update Desigo PXC22-E.D to version V6.0.204 or later
Update Desigo PXC22.1-E.D to version V4.10.111 or later
Update Desigo PXC22.1-E.D to version V5.0.171 or later
Update Desigo PXC22.1-E.D to version V5.10.69 or later
Update Desigo PXC22.1-E.D to version V6.0.204 or later
Update Desigo PXC36.1-E.D to version V4.10.111 or later
Update Desigo PXC36.1-E.D to version V5.0.171 or later
Update Desigo PXC36.1-E.D to version V5.10.69 or later
Update Desigo PXC36.1-E.D to version V6.0.204 or later
Update Desigo PXC50-E.D to version V4.10.111 or later
Update Desigo PXC50-E.D to version V5.0.171 or later
Update Desigo PXC50-E.D to version V5.10.69 or later
Update Desigo PXC50-E.D to version V6.0.204 or later
Update Desigo PXM20-E to version V4.10.111 or later
Update Desigo PXM20-E to version V5.0.171 or later
Update Desigo PXM20-E to version V5.10.69 or later
Update Desigo PXM20-E to version V6.0.204 or later
Fix
Missing Authentication
Unrestricted File Upload
Related Identifiers
Affected Products
Desigo Pxc00-E.D
Desigo Pxc00/64/128-U
Desigo Pxc001-E.D
Desigo Pxc100-E.D
Desigo Pxc12-E.D
Desigo Pxc200-E.D
Desigo Pxc22-E.D
Desigo Pxc22.1-E.D
Desigo Pxc36.1-E.D
Desigo Pxc50-E.D
Desigo Pxm20-E