PT-2019-4316 · Siemens+1 · Capital Embedded Ar Classic R20-11+4
Published: 2019-11-12 · Updated: 2024-02-13 · CVE-2019-13939
CVSS v3.1: 7.1 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Capital Embedded AR Classic 431-422 (All versions)
Capital Embedded AR Classic R20-11 (All versions < V2303)
Nucleus NET (All versions)
Nucleus ReadyStart V3 (All versions < V2017.02.3)
Nucleus Source Code (All versions)
Description
A vulnerability has been identified that allows an attacker to change the IP address of a device to an invalid value by sending specially crafted DHCP packets to a device where the DHCP client is enabled. This issue is related to insufficient checking of DHCP packets, which could allow a remote attacker to impact the availability and integrity of protected information.
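The advisory does not say which check is missing, so the following is an added illustration of the kind of validation a DHCP client can apply to an offered address before committing it; it is not Siemens or Nucleus code. The function names, the `ip_config` struct and the set of rejected ranges are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical running interface configuration (not a Nucleus NET type).
 * All values are IPv4 in host byte order; convert with ntohl() first. */
struct ip_config {
    uint32_t addr;
    uint32_t mask;
};

/* Returns true only if yiaddr is a usable unicast host address for mask. */
bool dhcp_lease_addr_is_valid(uint32_t yiaddr, uint32_t mask)
{
    uint32_t host_bits = ~mask;
    uint8_t first = (uint8_t)(yiaddr >> 24);
    uint32_t host = yiaddr & host_bits;

    /* Mask must be non-zero and contiguous (host bits of the form 2^k - 1). */
    if (mask == 0 || (host_bits & (host_bits + 1u)) != 0)
        return false;

    /* Reject 0.0.0.0/8, loopback 127/8, multicast 224/4, reserved 240/4
     * and the limited broadcast address 255.255.255.255. */
    if (first == 0 || first == 127 || first >= 224)
        return false;

    /* Reject the subnet's own network and directed-broadcast addresses. */
    if (host == 0 || host == host_bits)
        return false;

    return true;
}

/* Commit the offered lease only if it validates. On failure the running
 * configuration is left untouched, so a malformed reply cannot move the
 * device to an unusable address. Returns true when the lease was applied. */
bool dhcp_apply_lease(struct ip_config *cfg, uint32_t yiaddr, uint32_t mask)
{
    if (!dhcp_lease_addr_is_valid(yiaddr, mask))
        return false;
    cfg->addr = yiaddr;
    cfg->mask = mask;
    return true;
}
```

A rejected lease is also worth logging, since repeated invalid offers on a segment indicate a misconfigured or rogue DHCP server.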
Recommendations
For Capital Embedded AR Classic 431-422, consider disabling the DHCP client until a patch is available.
For Capital Embedded AR Classic R20-11 versions < V2303, update to version V2303 or later.
For Nucleus NET, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Nucleus ReadyStart V3 versions < V2017.02.3, update to version V2017.02.3 or later.
For Nucleus Source Code, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Capital Embedded Ar Classic 431-422
Capital Embedded Ar Classic R20-11
Nucleus Net
Nucleus Readystart V3
Nucleus Source Code