9.8
CVE-2021-31884
- EPSS 0.73%
- Published 09.11.2021 12:15:09
- Last modified 21.11.2024 06:06:25
- Source productcert@siemens.com
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Capital Vstar Version-
Siemens ≫ Nucleus Readystart V3 Version < 2017.02.1
Siemens ≫ Apogee Pxc Compact Firmware Version < 2.8.19
Siemens ≫ Apogee Pxc Modular Firmware Version < 2.8.19
Siemens ≫ Talon Tc Compact Firmware Version < 3.5.4
Siemens ≫ Talon Tc Modular Firmware Version < 3.5.4
Siemens ≫ Desigo Pxc00-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc00-u Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc001-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc12-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc22-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc22.1-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc36.1-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc50-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc64-u Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc100-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc128-u Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc200-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxm20-e Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Apogee Pxc Compact Firmware Version < 3.5.4
Siemens ≫ Apogee Pxc Modular Firmware Version < 3.5.4
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.73% | 0.702 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-170 Improper Null Termination
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
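
The description above and CWE-170 come down to one rule for a DHCP client: a Host Name option (code 12) is a length-prefixed byte run, not a C string, so the receiver must bound the copy by the option length and write the terminator itself. The following is an added example, not Siemens or Nucleus code; the function name, buffer size and sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP_OPT_PAD      0
#define DHCP_OPT_HOSTNAME 12
#define DHCP_OPT_END      255
#define HOSTNAME_MAX      64   /* assumed destination size, terminator included */

/* Constructed sample: subnet mask, then hostname "plc7" with no NUL byte, then END. */
static const uint8_t sample_ok[] = {1, 4, 255, 255, 255, 0, 12, 4, 'p', 'l', 'c', '7', 255};
/* Constructed sample: hostname option claims 200 bytes but only 3 follow. */
static const uint8_t sample_trunc[] = {12, 200, 'a', 'b', 'c'};

/* Walk the code/length/value options field and copy option 12 into dst.
 * Returns the hostname length, 0 if the option is absent, -1 if the
 * options field is malformed or the name does not fit in dst. */
int dhcp_get_hostname(const uint8_t *opts, size_t opts_len,
                      char *dst, size_t dst_size)
{
    size_t i = 0;
    if (dst_size == 0) return -1;
    dst[0] = '\0';                               /* dst is always a valid string */
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == DHCP_OPT_PAD) continue;      /* pad has no length byte */
        if (code == DHCP_OPT_END) break;
        if (i >= opts_len) return -1;            /* length byte missing */
        uint8_t len = opts[i++];
        if (len > opts_len - i) return -1;       /* value runs past the packet */
        if (code == DHCP_OPT_HOSTNAME) {
            if (len >= dst_size) return -1;      /* no room for the terminator */
            /* Policy choice of this example: reject embedded NUL bytes so the
             * stored length and strlen(dst) can never disagree. */
            if (memchr(&opts[i], '\0', len)) return -1;
            memcpy(dst, &opts[i], len);          /* bounded by the option length */
            dst[len] = '\0';                     /* terminator added by receiver */
            return (int)len;
        }
        i += len;                                /* skip options we do not need */
    }
    return 0;
}

int main(void)
{
    char name[HOSTNAME_MAX];
    int n = dhcp_get_hostname(sample_ok, sizeof sample_ok, name, sizeof name);
    printf("ok=%d \"%s\" truncated=%d\n", n, name,
           dhcp_get_hostname(sample_trunc, sizeof sample_trunc, name, sizeof name));
    return 0;
}
```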