Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSiemensCVE-2021-31887
HistoryNov 09, 2021 - 12:15 p.m.

CVE-2021-31887

2021-11-0912:15:09
CWE-787
CWE-170
siemens
web.nvd.nist.gov
92
cve-2021-31887
vulnerability
apogee
desigo
nucleus
stack-based buffer overflow
dos
remote code execution

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)

Affected configurations

Nvd
Node
siemensnucleus_net
OR
siemensnucleus_readystart_v3Range<2017.02.4
OR
siemensnucleus_source_code
Node
siemensapogee_modular_building_controller_firmware
AND
siemensapogee_modular_building_controllerMatch-
Node
siemensapogee_modular_equiment_controller_firmware
AND
siemensapogee_modular_equiment_controllerMatch-
Node
siemensapogee_pxc_compact_firmwareRange<2.8.19p2_ethernet
OR
siemensapogee_pxc_compact_firmwareRange<3.5.4bacnet
AND
siemensapogee_pxc_compactMatch-
Node
siemensapogee_pxc_modular_firmwareRange<2.8.19p2_ethernet
OR
siemensapogee_pxc_modular_firmwareRange<3.5.4bacnet
AND
siemensapogee_pxc_modularMatch-
Node
siemenstalon_tc_compact_firmwareRange<3.5.4
AND
siemenstalon_tc_compactMatch-
Node
siemenstalon_tc_modular_firmwareRange<3.5.4
AND
siemenstalon_tc_modularMatch-
Node
siemensdesigo_pxc00-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc00-e.dMatch-
Node
siemensdesigo_pxc00-u_firmwareRange2.36.30.016
AND
siemensdesigo_pxc00-uMatch-
Node
siemensdesigo_pxc001-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc001-e.dMatch-
Node
siemensdesigo_pxc12-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc12-e.dMatch-
Node
siemensdesigo_pxc22-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc22-e.dMatch-
Node
siemensdesigo_pxc22.1-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc22.1-e.dMatch-
Node
siemensdesigo_pxc36.1-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc36.1-e.dMatch-
Node
siemensdesigo_pxc50-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc50-e.dMatch-
Node
siemensdesigo_pxc64-u_firmwareRange2.36.30.016
AND
siemensdesigo_pxc64-uMatch-
Node
siemensdesigo_pxc100-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc100-e.dMatch-
Node
siemensdesigo_pxc128-u_firmwareRange2.36.30.016
AND
siemensdesigo_pxc128-uMatch-
Node
siemensdesigo_pxc200-e.d_firmwareRange2.36.30.016
AND
siemensdesigo_pxc200-e.dMatch-
Node
siemensdesigo_pxm20-e_firmwareRange2.36.30.016
AND
siemensdesigo_pxm20-eMatch-
VendorProductVersionCPE
siemensnucleus_net*cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
siemensnucleus_readystart_v3*cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
siemensnucleus_source_code*cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*
siemensapogee_modular_building_controller_firmware*cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*
siemensapogee_modular_building_controller-cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*
siemensapogee_modular_equiment_controller_firmware*cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*
siemensapogee_modular_equiment_controller-cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*
siemensapogee_pxc_compact_firmware*cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:p2_ethernet:*:*:*
siemensapogee_pxc_compact_firmware*cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:bacnet:*:*:*
siemensapogee_pxc_compact-cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 431

CNA Affected

[
  {
    "product": "APOGEE MBC (PPC) (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "APOGEE MBC (PPC) (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "APOGEE MEC (PPC) (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "APOGEE MEC (PPC) (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "APOGEE PXC Compact (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.4"
      }
    ]
  },
  {
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.8.19"
      }
    ]
  },
  {
    "product": "APOGEE PXC Modular (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.4"
      }
    ]
  },
  {
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.8.19"
      }
    ]
  },
  {
    "product": "Desigo PXC00-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC00-U",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC001-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC100-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC12-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC128-U",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC200-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC22-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC22.1-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC36.1-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC50-E.D",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXC64-U",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Desigo PXM20-E",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3 and < V6.30.016"
      }
    ]
  },
  {
    "product": "Nucleus NET",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Nucleus ReadyStart V3",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2017.02.4"
      }
    ]
  },
  {
    "product": "Nucleus Source Code",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "TALON TC Compact (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.4"
      }
    ]
  },
  {
    "product": "TALON TC Modular (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.4"
      }
    ]
  }
]

Related

cnvd 1
prion 1
cvelist 1
nvd 1
thn 1
nessus 14
f5 1
ics 2
malwarebytes 1
cnvd
cnvd
Incorrect Zero Termination Vulnerability in Multiple Siemens Products (CNVD-2021-89437)
2021-11-11 00:00:00
prion
prion
Stack overflow
2021-11-09 12:15:00
cvelist
cvelist
CVE-2021-31887
2021-11-09 11:32:00
nvd
nvd
CVE-2021-31887
2021-11-09 12:15:09
thn
thn
13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment
2021-11-10 10:11:00
nessus
nessus
Nucleus FTP Server Multiple Vulnerabilities (NUCLEUS:13)
2021-11-11 00:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products Buffer Access with Incorrect Length Value (CVE-2021-31885)
2022-02-07 00:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Null Termination (CVE-2021-31888)
2022-02-07 00:00:00
f5
f5
K000135330 : Multiple Nucleus TCP/IP stack vulnerabilities
2023-06-30 00:00:00
ics
ics
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
2022-05-12 12:00:00
Siemens Nucleus RTOS TCP/IP Stack
2021-11-17 12:00:00
malwarebytes
malwarebytes
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
2021-11-10 14:30:23

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.003

Percentile

69.0%

JSON
Related for CVE-2021-31887
cnvd1prion1cvelist1nvd1thn1nessus14f51ics2malwarebytes1