9.8
CVE-2021-31886
- EPSS 3.93%
- Published 09.11.2021 12:15:09
- Last modified 21.11.2024 06:06:25
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Nucleus Readystart V3 Version < 2017.02.4
Siemens ≫ Apogee Pxc Compact Firmware SwEditionp2_ethernet Version < 2.8.19
Siemens ≫ Apogee Pxc Compact Firmware SwEditionbacnet Version < 3.5.4
Siemens ≫ Apogee Pxc Modular Firmware SwEditionp2_ethernet Version < 2.8.19
Siemens ≫ Apogee Pxc Modular Firmware SwEditionbacnet Version < 3.5.4
Siemens ≫ Talon Tc Compact Firmware Version < 3.5.4
Siemens ≫ Talon Tc Modular Firmware Version < 3.5.4
Siemens ≫ Desigo Pxc00-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc00-u Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc001-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc12-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc22-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc22.1-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc36.1-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc50-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc64-u Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc100-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc128-u Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxc200-e.D Firmware Version >= 2.3 < 6.30.016
Siemens ≫ Desigo Pxm20-e Firmware Version >= 2.3 < 6.30.016
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.93% | 0.879 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-170 Improper Null Termination
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.