History: Oct 11, 2022 - 11:15 a.m.

CVE-2022-38371

2022-10-11 11:15:10
CWE-401
CWE-400
siemens
web.nvd.nist.gov
cve-2022-38371
apogee
desigo
nucleus net
talon
ftp server
dos
vulnerability
security

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.004
Percentile: 72.2%

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

Affected configurations

Nvd
Node: siemens nucleus_net OR siemens nucleus_readystart_v3 OR siemens nucleus_source_code (Match -)
Node: siemens apogee_modular_building_controller (Match -) AND siemens apogee_modular_building_controller_firmware
Node: siemens apogee_modular_equiment_controller (Match -) AND siemens apogee_modular_equiment_controller_firmware
Node: siemens apogee_pxc_compact_firmware AND siemens apogee_pxc_compact (Match -)
Node: siemens apogee_pxc_modular_firmware AND siemens apogee_pxc_modular (Match -)
Node: siemens desigo_pxc00-e.d (Match -) AND siemens desigo_pxc00-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc00-u (Match -) AND siemens desigo_pxc00-u_firmware (Range 2.3)
Node: siemens desigo_pxc001-e.d (Match -) AND siemens desigo_pxc001-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc12-e.d (Match -) AND siemens desigo_pxc12-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc22-e.d (Match -) AND siemens desigo_pxc22-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc22.1-e.d (Match -) AND siemens desigo_pxc22.1-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc36.1-e.d (Match -) AND siemens desigo_pxc36.1-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc50-e.d (Match -) AND siemens desigo_pxc50-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc64-u (Match -) AND siemens desigo_pxc64-u_firmware (Range 2.3)
Node: siemens desigo_pxc100-e.d (Match -) AND siemens desigo_pxc100-e.d_firmware (Range 2.3)
Node: siemens desigo_pxc128-u (Match -) AND siemens desigo_pxc128-u_firmware (Range 2.3)
Node: siemens desigo_pxc200-e.d (Match -) AND siemens desigo_pxc200-e.d_firmware (Range 2.3)
Node: siemens desigo_pxm20-e (Match -) AND siemens desigo_pxm20-e_firmware (Range 2.3)
Node: siemens talon_tc_compact (Match -) AND siemens talon_tc_compact_firmware

| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | nucleus_net | `*` | `cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*` |
| siemens | nucleus_readystart_v3 | `*` | `cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*` |
| siemens | nucleus_source_code | `-` | `cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*` |
| siemens | apogee_modular_building_controller | `-` | `cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*` |
| siemens | apogee_modular_building_controller_firmware | `*` | `cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*` |
| siemens | apogee_modular_equiment_controller | `-` | `cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*` |
| siemens | apogee_modular_equiment_controller_firmware | `*` | `cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*` |
| siemens | apogee_pxc_compact_firmware | `*` | `cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*` |
| siemens | apogee_pxc_compact | `-` | `cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*` |
| siemens | apogee_pxc_modular_firmware | `*` | `cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*` |

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "APOGEE MBC (PPC) (BACnet)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE MBC (PPC) (P2 Ethernet)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE MEC (PPC) (BACnet)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE MEC (PPC) (P2 Ethernet)",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (BACnet)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.5.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.8.21",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (BACnet)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.5.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.8.21",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC00-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "V2.3",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC00-U",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC001-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "V2.3",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC100-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC12-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "V2.3",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC128-U",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC200-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC22-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC22.1-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC36.1-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC50-E.D",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXC64-U",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.3"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Desigo PXM20-E",
    "versions": [
      {
        "status": "affected",
        "version": "V2.3",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus NET for Nucleus PLUS V1",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V5.2a"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus NET for Nucleus PLUS V2",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V5.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus ReadyStart V3 V2012",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2012.08.1"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus ReadyStart V3 V2017",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2017.02.4"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus Source Code",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Compact (BACnet)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.5.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Modular (BACnet)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.5.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
