Siemens Desigo PX Devices
Monitor · Severity score 5.3 · ICS-CERT ICSA-19-318-03 · Nov 12, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens Desigo PX automation controllers contain a denial-of-service vulnerability in the web interface. The vulnerability allows an unauthenticated remote attacker to cause the device to stop responding to requests, affecting availability of the building automation control system.
What this means
What could happen
An attacker could crash the web interface of your Desigo PX controller, making it unavailable for remote monitoring and control of building automation systems until the device is manually rebooted. This disrupts visibility and remote operation of HVAC, lighting, and other building systems.
Who's at risk
Building automation operators and facility managers running Siemens Desigo PX controllers with web interface modules or enabled web servers. This affects organizations managing HVAC, lighting, and other building comfort and safety systems that rely on remote monitoring and control via the PX Web interface.
How it could be exploited
An attacker with network access to the PX Web interface (or Internet access, if the interface is exposed) sends crafted requests to the web service on the PX controller. No credentials are needed. The request leaves the web server process unresponsive, denying service to legitimate users who monitor or control building systems remotely; the controller's local control logic is not claimed to be affected by the advisory, only its web interface.
Prerequisites
- Network access to the Desigo PX web interface port (typically port 80 or 443)
- The web server module (PXA40-W or PXA30-W) or web server functionality must be enabled on the controller
Tags: remotely exploitable · no authentication required · low complexity · affects availability of building automation systems
Exploitability
Low exploit probability (EPSS 0.6%, the estimated probability of exploitation in the wild within the next 30 days)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
Desigo PX automation controllers PXC00-E.D, PXC50-E.D | prior to 6.00.320 | fixed in 6.00.320
Desigo PX automation controllers PXC00-U, PXC64-U | prior to 6.00.320 | fixed in 6.00.320
Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D | prior to 6.00.320 | fixed in 6.00.320
Remediation & Mitigation
Do now
[WORKAROUND] Restrict network access to the PX Web interface to trusted networks and users only; disable external Internet access
[HARDENING] If remote access is needed, route traffic through a VPN or firewall with strict access controls
Schedule — requires maintenance window
Patching may require a device reboot: plan for process interruption
[HOTFIX] Update Desigo PX controllers (PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D, PXC00-U, PXC64-U, PXC128-U, PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D) to firmware version 6.00.320 or later
Long-term hardening
[HARDENING] Isolate the Desigo PX control network from the business network and the Internet
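A triage helper for the remediation steps above, added here as an example and not tooling from Siemens, ICS-CERT or this site. It takes an inventory of controllers, flags units whose model is in the advisory's remediation list and whose firmware predates the fixed release 6.00.320, and can optionally TCP-probe the web-interface ports (80/443) to confirm whether they are still reachable from the host running the check, which is how you verify the network-restriction workaround took effect. The inventory hosts, models and firmware strings in the sample are constructed; `parse_version`, `triage` and the three-field `major.minor.build` reading of the version string are assumptions of this example.

```python
"""
Triage helper for ICSA-19-318-03 (Siemens Desigo PX web-interface DoS).

Added example, not Siemens or ICS-CERT tooling. Controllers are flagged when
their model appears in the advisory's remediation list and their firmware is
older than the fixed version 6.00.320. The optional port probe only opens a
TCP connection and sends nothing, so it cannot itself trigger the DoS.
"""
import socket
from dataclasses import dataclass

FIXED_VERSION = (6, 0, 320)   # firmware V6.00.320 per the advisory

# Models named in the advisory's remediation list.
AFFECTED_MODELS = {
    "PXC00-E.D", "PXC50-E.D", "PXC100-E.D", "PXC200-E.D",
    "PXC00-U", "PXC64-U", "PXC128-U",
    "PXC22.1-E.D", "PXC36-E.D", "PXC36.1-E.D",
}

WEB_PORTS = (80, 443)   # ports the advisory page names for the PX Web interface


def parse_version(text: str) -> tuple:
    """Turn 'V6.00.320' or '6.00.320' into a comparable tuple (6, 0, 320).

    Assumes a three-field major.minor.build layout; anything else is rejected
    rather than silently compared.
    """
    cleaned = text.strip().lstrip("Vv")
    parts = cleaned.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable_version(text: str) -> bool:
    """True when the firmware predates the fixed release 6.00.320."""
    return parse_version(text) < FIXED_VERSION


@dataclass
class Controller:
    host: str
    model: str
    firmware: str


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Bare TCP connect probe; nothing is sent to the web server."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def triage(controllers, probe: bool = False):
    """Return a list of (host, verdict, reasons) for each controller."""
    results = []
    for c in controllers:
        reasons = []
        model_hit = c.model.upper() in AFFECTED_MODELS
        try:
            version_hit = is_vulnerable_version(c.firmware)
        except ValueError as exc:
            # Unknown firmware string: report it rather than guess.
            results.append((c.host, "UNKNOWN", [str(exc)]))
            continue
        if not model_hit:
            verdict = "NOT-LISTED"
            reasons.append(f"model {c.model} not in advisory list")
        elif not version_hit:
            verdict = "FIXED"
            reasons.append(f"firmware {c.firmware} is 6.00.320 or later")
        else:
            verdict = "VULNERABLE"
            reasons.append(f"firmware {c.firmware} predates 6.00.320, update required")
            if probe:
                open_ports = [p for p in WEB_PORTS if port_open(c.host, p)]
                if open_ports:
                    reasons.append(f"web ports reachable from here: {open_ports}")
                else:
                    reasons.append("web ports not reachable from here")
        results.append((c.host, verdict, reasons))
    return results


# Constructed sample inventory: hosts, the unlisted model name and firmware
# strings are made up for this example.
SAMPLE_INVENTORY = [
    Controller("10.20.1.10", "PXC100-E.D", "V6.00.310"),
    Controller("10.20.1.11", "PXC64-U", "6.00.320"),
    Controller("10.20.1.12", "PXC36.1-E.D", "6.10.005"),
    Controller("10.20.1.13", "PXC-HYPOTHETICAL", "6.00.310"),
    Controller("10.20.1.14", "PXC128-U", "unknown"),
]

if __name__ == "__main__":
    # Pass probe=True on a host that sits on an untrusted network to confirm
    # the workaround: VULNERABLE units should report the ports as unreachable.
    for host, verdict, reasons in triage(SAMPLE_INVENTORY):
        print(f"{host:<14} {verdict:<11} {'; '.join(reasons)}")
```

Run the probe from a workstation outside the control network after applying the access restriction; a VULNERABLE unit that still reports reachable web ports is one the firewall or VPN rule has not covered yet.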
CVEs (1)
API:
/api/v1/advisories/01b38bbf-9792-4fdc-a2a1-2e25cb2a4b59