TROYANOSYVIRUS
Volver a CVEs

CVE-2021-31884

CRITICAL
9.8

Descripcion

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/9/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

siemens:apogee_modular_building_controllersiemens:apogee_modular_building_controller_firmwaresiemens:apogee_modular_equiment_controllersiemens:apogee_modular_equiment_controller_firmwaresiemens:apogee_pxc_compactsiemens:apogee_pxc_compact_firmwaresiemens:apogee_pxc_modularsiemens:apogee_pxc_modular_firmwaresiemens:capital_vstarsiemens:desigo_pxc00-e.dsiemens:desigo_pxc00-e.d_firmwaresiemens:desigo_pxc00-usiemens:desigo_pxc00-u_firmwaresiemens:desigo_pxc001-e.dsiemens:desigo_pxc001-e.d_firmwaresiemens:desigo_pxc100-e.dsiemens:desigo_pxc100-e.d_firmwaresiemens:desigo_pxc12-e.dsiemens:desigo_pxc12-e.d_firmwaresiemens:desigo_pxc128-usiemens:desigo_pxc128-u_firmwaresiemens:desigo_pxc200-e.dsiemens:desigo_pxc200-e.d_firmwaresiemens:desigo_pxc22-e.dsiemens:desigo_pxc22-e.d_firmwaresiemens:desigo_pxc22.1-e.dsiemens:desigo_pxc22.1-e.d_firmwaresiemens:desigo_pxc36.1-e.dsiemens:desigo_pxc36.1-e.d_firmwaresiemens:desigo_pxc50-e.dsiemens:desigo_pxc50-e.d_firmwaresiemens:desigo_pxc64-usiemens:desigo_pxc64-u_firmwaresiemens:desigo_pxm20-esiemens:desigo_pxm20-e_firmwaresiemens:nucleus_netsiemens:nucleus_readystart_v3siemens:nucleus_source_codesiemens:talon_tc_compactsiemens:talon_tc_compact_firmwaresiemens:talon_tc_modularsiemens:talon_tc_modular_firmware

Debilidades (CWE)

CWE-170

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.