Remote Firmware Upload Vulnerability in Siemens Desigo PXC and PXM Series
CVE-2018-4834

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Desigo Pxc00-e.d V4.10; Desigo Pxc00-e.d V5.00; Desigo Pxc00-e.d V5.10; Desigo Pxc00-e.d V6.00
Vendor: CVE Published:; 24 January 2018

Summary

A vulnerability in Siemens Desigo series products allows a remote attacker with network access to upload a new firmware image to the devices without requiring prior authentication. This can potentially lead to unauthorized control over the device and compromise of sensitive data.

Affected Version(s)

Desigo PXC00-E.D V4.10 All versions < V4.10.111

Desigo PXC00-E.D V5.00 All versions < V5.0.171

Desigo PXC00-E.D V5.10 All versions < V5.10.69

References

https://cert-portal.siemens.com/productcert/pdf/ssa-82423...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 24, 2018
Vulnerability Reserved
Jan 2, 2018