OTPulse

Denial of Service Vulnerability in Desigo DXR and PXC Controllers

Plan: Patch · CVSS 7.5 · SSA-662649 · May 10, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial of service vulnerability in Siemens Desigo DXR and PXC building automation controllers allows an attacker to disable the device and force it to reset to factory configuration. The vulnerability can be triggered remotely without authentication.

What this means
What could happen
An attacker could disable a building automation controller, disrupting HVAC, lighting, or access control systems and forcing a factory reset that wipes the device configuration. Recovery requires manual reconfiguration and extended downtime.
Who's at risk
Building automation and facility management teams should prioritize this update. Affected equipment includes Siemens Desigo DXR2, PXC3, PXC4, and PXC5 controllers that manage HVAC, lighting, fire safety, and access control systems in commercial buildings and facilities.
How it could be exploited
An attacker with network access to the controller sends a crafted denial of service message to trigger the vulnerability, causing the device to crash and reset to factory state. No authentication is required.
Prerequisites
  • Network access to the Desigo controller on the building automation network
  • No credentials required
Remotely exploitable · No authentication required · Low complexity · Affects building automation systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (4)
4 with fix
Product     | Affected Versions     | Fix Status
Desigo DXR2 | < V01.21.142.5-22     | 01.21.142.5-22
Desigo PXC3 | < V01.21.142.4-18     | 01.21.142.4-18
Desigo PXC4 | < V02.20.142.10-10884 | 02.20.142.10-10884
Desigo PXC5 | < V02.20.142.10-10884 | 02.20.142.10-10884
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Desigo controllers using firewall rules, allowing only trusted engineering workstations and building automation servers
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Desigo DXR2
HOTFIX: Update Desigo DXR2 to firmware version 01.21.142.5-22 or later
Desigo PXC3
HOTFIX: Update Desigo PXC3 to firmware version 01.21.142.4-18 or later
Desigo PXC4
HOTFIX: Update Desigo PXC4 to firmware version 02.20.142.10-10884 or later
Desigo PXC5
HOTFIX: Update Desigo PXC5 to firmware version 02.20.142.10-10884 or later
Long-term hardening
HARDENING: Segment the building automation network from the corporate IT network to limit attacker reach
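As an added example (not part of the OTPulse advisory or any Siemens tooling), the fixed-version thresholds from the affected-products table applied to a controller inventory to decide which devices still need the hotfix. The product names and fixed versions are taken from the table above; the inventory rows are constructed, and the firmware version format is parsed numerically so that build suffixes such as 10884 and 9876 compare correctly rather than as strings.

```python
import re
FIXED_VERSIONS: dict[str, str] = {  # from the advisory table; strictly lower is affected
    "Desigo DXR2": "01.21.142.5-22",
    "Desigo PXC3": "01.21.142.4-18",
    "Desigo PXC4": "02.20.142.10-10884",
    "Desigo PXC5": "02.20.142.10-10884",
}

# Optional leading 'V', dotted numeric segments, optional '-<build>' suffix.
_VERSION_RE = re.compile(r"^V?(\d+(?:\.\d+)*)(?:-(\d+))?$")

def parse_version(text: str) -> tuple[int, ...]:
    """'V01.21.142.5-22' -> (1, 21, 142, 5, 22). Integer segments, so build
    10884 sorts above 9876 (string comparison would not); missing build = 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    segments = tuple(int(s) for s in m.group(1).split("."))
    return segments + (int(m.group(2) or 0),)

def is_affected(product: str, firmware: str) -> bool:
    """True when the product is in the table and runs a lower version."""
    fixed = FIXED_VERSIONS.get(product)
    return fixed is not None and parse_version(firmware) < parse_version(fixed)

def triage(inventory: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Tag each (product, firmware) row with the action the advisory calls for."""
    report = []
    for product, firmware in inventory:
        if product not in FIXED_VERSIONS:
            action = "not listed in advisory"
        elif is_affected(product, firmware):
            action = f"HOTFIX: update to {FIXED_VERSIONS[product]} or later"
        else:
            action = "at or above fixed version"
        report.append((product, firmware, action))
    return report

# Constructed sample inventory (assumed for illustration, not from the page).
SAMPLE_INVENTORY = [
    ("Desigo PXC4", "V02.20.142.10-9876"),  # lower build number -> affected
    ("Desigo PXC4", "02.20.142.10-10884"),  # exactly the fix -> clean
    ("Desigo PXC3", "01.21.142.3-99"),      # lower dotted segment -> affected
    ("Desigo PXC5", "V02.21.0.0-1"),        # higher dotted segment -> clean
    ("Desigo PXC7", "1.0"),                 # product not in the table
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("%-12s %-22s %s" % row)
```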