Lucene search

[email protected]NVD:CVE-2021-31345

HistoryNov 09, 2021 - 12:15 p.m.

CVE-2021-31345

2021-11-0912:15:09

CWE-1284

[email protected]

web.nvd.nist.gov

apogee

desigo

nucleus

udp

payload

vulnerability

information leak

dos

fsmd-2021-0006

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.004

Percentile

73.4%

JSON

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)

Affected configurations

Nvd

Node

siemenscapital_vstar

siemensnucleus_net

siemensnucleus_readystart_v3Range<2014.12

siemensnucleus_source_code

Node

siemensapogee_modular_building_controller_firmware

AND

siemensapogee_modular_building_controllerMatch-

Node

siemensapogee_modular_equiment_controller_firmware

AND

siemensapogee_modular_equiment_controllerMatch-

Node

siemensapogee_pxc_compact_firmware

AND

siemensapogee_pxc_compactMatch-

Node

siemensapogee_pxc_modular_firmware

AND

siemensapogee_pxc_modularMatch-

Node

siemenstalon_tc_compact_firmware

AND

siemenstalon_tc_compactMatch-

Node

siemenstalon_tc_modular_firmware

AND

siemenstalon_tc_modularMatch-

Node

siemensapogee_modular_building_controller_firmware

AND

siemensapogee_modular_building_controllerMatch-

VendorProductVersionCPE
siemenscapital_vstar*cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*
siemensnucleus_net*cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
siemensnucleus_readystart_v3*cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
siemensnucleus_source_code*cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*
siemensapogee_modular_building_controller_firmware*cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*
siemensapogee_modular_building_controller-cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*
siemensapogee_modular_equiment_controller_firmware*cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*
siemensapogee_modular_equiment_controller-cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*
siemensapogee_pxc_compact_firmware*cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*
siemensapogee_pxc_compact-cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	capital_vstar	*	cpe:2.3:a:siemens:capital_vstar::::::::
siemens	nucleus_net	*	cpe:2.3:a:siemens:nucleus_net::::::::
siemens	nucleus_readystart_v3	*	cpe:2.3:a:siemens:nucleus_readystart_v3::::::::
siemens	nucleus_source_code	*	cpe:2.3:a:siemens:nucleus_source_code::::::::
siemens	apogee_modular_building_controller_firmware	*	cpe:2.3:o:siemens:apogee_modular_building_controller_firmware::::::::
siemens	apogee_modular_building_controller	-	cpe:2.3:h:siemens:apogee_modular_building_controller:-:::::::*
siemens	apogee_modular_equiment_controller_firmware	*	cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware::::::::
siemens	apogee_modular_equiment_controller	-	cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:::::::*
siemens	apogee_pxc_compact_firmware	*	cpe:2.3:o:siemens:apogee_pxc_compact_firmware::::::::
siemens	apogee_pxc_compact	-	cpe:2.3:h:siemens:apogee_pxc_compact:-:::::::*

Rows per page:

1-10 of 161

References

cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf

cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.004

Percentile

73.4%

JSON

Related for NVD:CVE-2021-31345

cvelist1 cnvd1 prion1 cve1 ics4 nessus1 f51