Lucene search
China National Vulnerability DatabaseCNVD-2021-89436HistoryNov 11, 2021 - 12:00 a.m.
Incorrect Zero Termination Vulnerability in Multiple Siemens Products (CNVD-2021-89436)
2021-11-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
0.003 Low
EPSS
Percentile
69.7%
Nucleus NET modules integrate a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. A security vulnerability exists in several Siemens products, which stems from the FTP server not properly validating the length of the “MKD/XMKD” command, resulting in a stack buffer overflow. An attacker could exploit the vulnerability to cause a denial of service condition and remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| SIEMENS Nucleus ReadyStart V3< | eq | 2017.02.4 |
Related
cvelist
cvelist
CVE-2021-31888
2021-11-09 11:32:00
cve
cve
CVE-2021-31888
2021-11-09 12:15:09
prion
prion
Stack overflow
2021-11-09 12:15:00
nvd
nvd
CVE-2021-31888
2021-11-09 12:15:09
nessus
nessus
thn
thn
ics
ics
Siemens Nucleus RTOS TCP/IP Stack
2021-11-17 12:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
2022-05-12 12:00:00
f5
f5
K000135330 : Multiple Nucleus TCP/IP stack vulnerabilities
2023-06-30 00:00:00
malwarebytes
malwarebytes