Incorrect Input Validation Vulnerability in Multiple Siemens Products

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating system. A security vulnerability exists in several Siemens products. The vulnerability stems from the total length of the UDP payload (set in the IP header) being unchecked. An attacker can exploit the vulnerability to cause information disclosure and denial of service conditions, depending on the user-defined application running on top of the UDP protocol.