Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-31346 (GCVE-0-2021-31346)
Vulnerability from cvelistv5
Published
2021-11-09 11:31
Modified
2025-03-11 09:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Capital Embedded AR Classic 431-422 |
Version: 0 < * |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Capital Embedded AR Classic 431-422",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Capital Embedded AR Classic R20-11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "PLUSCONTROL 1st Gen",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTICS CONNECT 400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V0.5.0.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMOTICS CONNECT 400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284: Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T09:47:39.488Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31346",
"datePublished": "2021-11-09T11:31:53",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2025-03-11T09:47:39.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31346\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-11-09T12:15:09.200\",\"lastModified\":\"2024-11-21T06:05:27.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5. 4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet activadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22.1-E. D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1. 1), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). La longitud total de una carga \u00fatil ICMP (fijada en la cabecera IP) no est\u00e1 marcada. Esto puede conducir a varios efectos secundarios, incluyendo la fuga de informaci\u00f3n y las condiciones de denegaci\u00f3n de servicio, dependiendo de la organizaci\u00f3n del buffer de red en la memoria. (FSMD-2021-0007)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A987CFB-4A41-4F82-8C7F-31DE8F0650DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2017.02.1\",\"matchCriteriaId\":\"769372D0-68B3-47F3-B13B-43EAAF7E822D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.1\",\"matchCriteriaId\":\"BEB581B9-8F63-4117-A420-C271E5FF6EC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAF9C3-B56A-4F40-B90B-D0DE96869A44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FAD4D8-54FA-4721-954E-4AD77020B189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F978E7-3DD9-4948-BFFB-E7273003477B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACCB699F-4F10-47BD-8890-047380972BE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7945BF7D-AB3A-4285-9C58-D56149ADFC15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"105A6FFB-1176-4021-868D-3D6CE77113B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BE40AF-B7A4-498A-943E-11AA9393A3D6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CA14719-C655-4BED-AE8D-B9C983847AE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3470FD-BEBE-465F-A189-F4CEDD0F6815\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-044112.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-114589.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-223353.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-620288.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-845392.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
icsa-21-313-03
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS TCP/IP Stack
Notes
Summary
The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as "NUCLEUS:13" and as documented below.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"names": [
"Yuval Halaban",
"Uriel Malin",
"Tal Zohar"
],
"organization": "Medigate",
"summary": "coordinated disclosure"
},
{
"names": [
"Daniel dos Santos",
"Amine Amri",
"Stanislav Dashevskyi"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as \"NUCLEUS:13\" and as documented below.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS TCP/IP Stack",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-313-03",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Moved product CAPITAL VSTAR to a separate advisory (SSA-620288)"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus NET",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Nucleus NET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2017.02.4",
"product": {
"name": "Nucleus ReadyStart V3",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.1",
"product": {
"name": "Nucleus ReadyStart V4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus Source Code",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Nucleus Source Code"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31890"
}
]
}
icsa-22-069-02
Vulnerability from csaf_cisa
Published
2022-03-08 00:00
Modified
2025-05-06 06:00
Summary
Siemens SIMOTICS CONNECT 400
Notes
Summary
Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
SIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below.
Siemens has released an update for the SIMOTICS CONNECT 400 and recommends to update to the latest version.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \u201cNUCLEUS:13\u201d) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nSIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below.\n\nSiemens has released an update for the SIMOTICS CONNECT 400 and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-223353.json"
},
{
"category": "self",
"summary": "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-223353.txt"
},
{
"category": "self",
"summary": "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-069-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-069-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-069-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMOTICS CONNECT 400",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-069-02",
"initial_release_date": "2022-03-08T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-03-08T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "2",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV0.5.0.0",
"product": {
"name": "SIMOTICS CONNECT 400",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMOTICS CONNECT 400"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0.0.0",
"product": {
"name": "SIMOTICS CONNECT 400",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMOTICS CONNECT 400"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2021-31344 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31344 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"category": "vendor_fix",
"details": "Update to V1.0.0.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2021-31346 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31346 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"category": "vendor_fix",
"details": "Update to V1.0.0.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31889 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2021-31890 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31890 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"category": "vendor_fix",
"details": "Update to V1.0.0.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ICSA-21-350-06
Vulnerability from csaf_cisa
Published
2021-12-14 00:00
Modified
2025-05-06 06:00
Summary
Siemens Capital VSTAR
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:
https://cert-portal.siemens.com/productcert/html/ssa-044112.html.
Capital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.
Siemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: \nhttps://cert-portal.siemens.com/productcert/html/ssa-044112.html.\nCapital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.\n\nSiemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json"
},
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-350-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-350-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Capital VSTAR",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"date": "2025-03-06T09:05:00.000000Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-350-06",
"initial_release_date": "2021-12-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-11-08T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Removed CVE-2021-31884 as Capital VSTAR is not affected"
},
{
"date": "2024-10-08T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Renamed Capital VSTAR to Capital Embedded AR Classic; added fix for version line R20-11"
},
{
"date": "2025-03-11T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Updated remediation of Capital Embedded AR Classic 431-422 as no fix planned"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "5",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Capital Embedded AR Classic 431-422",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic 431-422"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2303",
"product": {
"name": "Capital Embedded AR Classic R20-11",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic R20-11"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE, Desigo, and TALON products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE, Desigo, and TALON products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE, Desigo, and TALON products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31890"
}
]
}
icsa-21-315-07
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nThe products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-315-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-315-07",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added affected Desigo PXC/PXM products; updated corresponding mitigation measures; informed about planned solutions"
},
{
"date": "2022-04-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products"
},
{
"date": "2022-05-10T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "5",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (BACnet)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (BACnet)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Compact (BACnet)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Compact (P2 Ethernet)",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Modular (BACnet)",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Modular (P2 Ethernet)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-E.D",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-U",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC001-E.D",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Desigo PXC001-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC12-E.D",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Desigo PXC12-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22-E.D",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Desigo PXC22-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22.1-E.D",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Desigo PXC22.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC36.1-E.D",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Desigo PXC36.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC50-E.D",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Desigo PXC50-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC64-U",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Desigo PXC64-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC100-E.D",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Desigo PXC100-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC128-U",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Desigo PXC128-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC200-E.D",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Desigo PXC200-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXM20-E",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Desigo PXM20-E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Compact (BACnet)",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "TALON TC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Modular (BACnet)",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "TALON TC Modular (BACnet)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ICSA-21-315-07
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nThe products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-315-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-315-07",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added affected Desigo PXC/PXM products; updated corresponding mitigation measures; informed about planned solutions"
},
{
"date": "2022-04-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products"
},
{
"date": "2022-05-10T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "5",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (BACnet)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (BACnet)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Compact (BACnet)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Compact (P2 Ethernet)",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Modular (BACnet)",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Modular (P2 Ethernet)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-E.D",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-U",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC001-E.D",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Desigo PXC001-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC12-E.D",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Desigo PXC12-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22-E.D",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Desigo PXC22-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22.1-E.D",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Desigo PXC22.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC36.1-E.D",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Desigo PXC36.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC50-E.D",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Desigo PXC50-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC64-U",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Desigo PXC64-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC100-E.D",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Desigo PXC100-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC128-U",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Desigo PXC128-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC200-E.D",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Desigo PXC200-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXM20-E",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Desigo PXM20-E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Compact (BACnet)",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "TALON TC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Modular (BACnet)",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "TALON TC Modular (BACnet)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31890"
}
]
}
icsa-21-350-06
Vulnerability from csaf_cisa
Published
2021-12-14 00:00
Modified
2025-05-06 06:00
Summary
Siemens Capital VSTAR
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:
https://cert-portal.siemens.com/productcert/html/ssa-044112.html.
Capital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.
Siemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: \nhttps://cert-portal.siemens.com/productcert/html/ssa-044112.html.\nCapital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.\n\nSiemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json"
},
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-350-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-06.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-350-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Capital VSTAR",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"date": "2025-03-06T09:05:00.000000Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-350-06",
"initial_release_date": "2021-12-14T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-11-08T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Removed CVE-2021-31884 as Capital VSTAR is not affected"
},
{
"date": "2024-10-08T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Renamed Capital VSTAR to Capital Embedded AR Classic; added fix for version line R20-11"
},
{
"date": "2025-03-11T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Updated remediation of Capital Embedded AR Classic 431-422 as no fix planned"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "5",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Capital Embedded AR Classic 431-422",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic 431-422"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2303",
"product": {
"name": "Capital Embedded AR Classic R20-11",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic R20-11"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE, Desigo, and TALON products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE, Desigo, and TALON products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE, Desigo, and TALON products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31890"
}
]
}
icsa-22-013-03
Vulnerability from csaf_cisa
Published
2022-01-11 00:00
Modified
2025-05-06 06:00
Summary
Siemens Energy PLUSCONTROL
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
PLUSCONTROL 1st Gen devices are affected by some of the vulnerabilities as documented below.
Siemens Energy recommends specific countermeasures for products where updates are not available.
General Recommendations
Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.
Siemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.
As a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nPLUSCONTROL 1st Gen devices are affected by some of the vulnerabilities as documented below.\n\nSiemens Energy recommends specific countermeasures for products where updates are not available.",
"title": "Summary"
},
{
"category": "general",
"text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-845392.json"
},
{
"category": "self",
"summary": "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-845392.txt"
},
{
"category": "self",
"summary": "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-013-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-013-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-013-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-013-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Energy PLUSCONTROL",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-013-03",
"initial_release_date": "2022-01-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-01-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "2",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PLUSCONTROL 1st Gen",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PLUSCONTROL 1st Gen"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ICSA-21-313-03
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS TCP/IP Stack
Notes
Summary
The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as "NUCLEUS:13" and as documented below.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"names": [
"Yuval Halaban",
"Uriel Malin",
"Tal Zohar"
],
"organization": "Medigate",
"summary": "coordinated disclosure"
},
{
"names": [
"Daniel dos Santos",
"Amine Amri",
"Stanislav Dashevskyi"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as \"NUCLEUS:13\" and as documented below.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS TCP/IP Stack",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-313-03",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Moved product CAPITAL VSTAR to a separate advisory (SSA-620288)"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus NET",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Nucleus NET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2017.02.4",
"product": {
"name": "Nucleus ReadyStart V3",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.1",
"product": {
"name": "Nucleus ReadyStart V4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus Source Code",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Nucleus Source Code"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ICSA-22-069-02
Vulnerability from csaf_cisa
Published
2022-03-08 00:00
Modified
2025-05-06 06:00
Summary
Siemens SIMOTICS CONNECT 400
Notes
Summary
Multiple vulnerabilities (also known as “NUCLEUS:13”) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
SIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below.
Siemens has released an update for the SIMOTICS CONNECT 400 and recommends to update to the latest version.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \u201cNUCLEUS:13\u201d) have been identified in the Nucleus RTOS (real-time operating system), originally reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nSIMOTICS CONNECT 400 devices are affected by some of the vulnerabilities as documented below.\n\nSiemens has released an update for the SIMOTICS CONNECT 400 and recommends to update to the latest version.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-223353.json"
},
{
"category": "self",
"summary": "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-223353.txt"
},
{
"category": "self",
"summary": "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-069-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-069-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-069-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SIMOTICS CONNECT 400",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-069-02",
"initial_release_date": "2022-03-08T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-03-08T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "2",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV0.5.0.0",
"product": {
"name": "SIMOTICS CONNECT 400",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SIMOTICS CONNECT 400"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV1.0.0.0",
"product": {
"name": "SIMOTICS CONNECT 400",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SIMOTICS CONNECT 400"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2021-31344 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31344 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"category": "vendor_fix",
"details": "Update to V1.0.0.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2021-31346 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31346 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"category": "vendor_fix",
"details": "Update to V1.0.0.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31889 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"summary": "CVE-2021-31890 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31890 - SIMOTICS CONNECT 400",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V0.5.0.0 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
},
{
"category": "vendor_fix",
"details": "Update to V1.0.0.0 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109778383/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ICSA-22-013-03
Vulnerability from csaf_cisa
Published
2022-01-11 00:00
Modified
2025-05-06 06:00
Summary
Siemens Energy PLUSCONTROL
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
PLUSCONTROL 1st Gen devices are affected by some of the vulnerabilities as documented below.
Siemens Energy recommends specific countermeasures for products where updates are not available.
General Recommendations
Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.
Siemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.
As a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nPLUSCONTROL 1st Gen devices are affected by some of the vulnerabilities as documented below.\n\nSiemens Energy recommends specific countermeasures for products where updates are not available.",
"title": "Summary"
},
{
"category": "general",
"text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-845392.json"
},
{
"category": "self",
"summary": "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-845392.txt"
},
{
"category": "self",
"summary": "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-013-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-013-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-013-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-013-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Energy PLUSCONTROL",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-013-03",
"initial_release_date": "2022-01-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-01-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "2",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "PLUSCONTROL 1st Gen",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "PLUSCONTROL 1st Gen"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ghsa-gwc7-j4mc-q8fw
Vulnerability from github
Published
2022-05-24 19:20
Modified
2024-10-08 09:30
Severity ?
VLAI Severity ?
Details
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
{
"affected": [],
"aliases": [
"CVE-2021-31346"
],
"database_specific": {
"cwe_ids": [
"CWE-1284"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-09T12:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"id": "GHSA-gwc7-j4mc-q8fw",
"modified": "2024-10-08T09:30:50Z",
"published": "2022-05-24T19:20:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31346"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
SSA-620288
Vulnerability from csaf_siemens
Published
2021-12-14 00:00
Modified
2024-10-08 00:00
Summary
SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:
https://cert-portal.siemens.com/productcert/html/ssa-044112.html.
Capital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.
Siemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: \nhttps://cert-portal.siemens.com/productcert/html/ssa-044112.html.\nCapital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.\n\nSiemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json"
}
],
"title": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic",
"tracking": {
"current_release_date": "2024-10-08T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-620288",
"initial_release_date": "2021-12-14T00:00:00Z",
"revision_history": [
{
"date": "2021-12-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-11-08T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Removed CVE-2021-31884 as Capital VSTAR is not affected"
},
{
"date": "2024-10-08T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Renamed Capital VSTAR to Capital Embedded AR Classic; added fix for version line R20-11"
}
],
"status": "interim",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Capital Embedded AR Classic 431-422",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic 431-422"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2303",
"product": {
"name": "Capital Embedded AR Classic R20-11",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic R20-11"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ssa-620288
Vulnerability from csaf_siemens
Published
2021-12-14 00:00
Modified
2024-10-08 00:00
Summary
SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:
https://cert-portal.siemens.com/productcert/html/ssa-044112.html.
Capital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.
Siemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: \nhttps://cert-portal.siemens.com/productcert/html/ssa-044112.html.\nCapital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.\n\nSiemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"category": "self",
"summary": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json"
}
],
"title": "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic",
"tracking": {
"current_release_date": "2024-10-08T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-620288",
"initial_release_date": "2021-12-14T00:00:00Z",
"revision_history": [
{
"date": "2021-12-14T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2022-11-08T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Removed CVE-2021-31884 as Capital VSTAR is not affected"
},
{
"date": "2024-10-08T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Renamed Capital VSTAR to Capital Embedded AR Classic; added fix for version line R20-11"
}
],
"status": "interim",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Capital Embedded AR Classic 431-422",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic 431-422"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003cV2303",
"product": {
"name": "Capital Embedded AR Classic R20-11",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Capital Embedded AR Classic R20-11"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2"
]
},
"remediations": [
{
"category": "mitigation",
"details": "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls",
"product_ids": [
"1",
"2"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"1"
]
},
{
"category": "vendor_fix",
"details": "Update to V2303 or later version",
"product_ids": [
"2"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2"
]
}
],
"title": "CVE-2021-31890"
}
]
}
CERTFR-2022-AVI-216
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Mendix Forgot Password Appstore module versions 3.2.x antérieures à 3.2.2
- Mendix Forgot Password Appstore module versions 3.3.x à 3.5.x antérieures à 3.5.1
- Mendix Applications utilisant Mendix versions 7.x antérieures à 7.23.29
- Mendix Applications utilisant Mendix versions 8.x antérieures à 8.18.16
- COMOS versions antérieures à 10.4.1
- Simcenter STAR-CCM+ Viewer versions antérieures à V2022.1
- SIMOTICS CONNECT 400 versions antérieures à 1.0.0.0
- Climatix POL909 (module AWB) versions antérieures à 11.44
- Climatix POL909 (module AWM) versions antérieures à 11.36
- RUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions antérieures à 5.6.0
- SINUMERIK MC versions antérieures à 1.15 SP1
- SINUMERIK ONE versions antérieures à 6.15 SP1
- SINEC INS versions antérieures à 1.0.1.1
- RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions antérieures à 2.15.0
- Polarion Subversion Webclient versions antérieures à 21 R2 P2
- RUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions antérieures à 5.6.0
L'éditeur ne propose pas de correctif pour :
- Mendix Applications utilisant Mendix versions 9
- SINEC NMS toutes versions
Se référer aux mesures de contournement proposées dans la section Documentation.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eMendix Forgot Password Appstore module versions 3.2.x ant\u00e9rieures \u00e0 3.2.2\u003c/li\u003e \u003cli\u003eMendix Forgot Password Appstore module versions 3.3.x \u00e0 3.5.x ant\u00e9rieures \u00e0 3.5.1\u003c/li\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 7.x ant\u00e9rieures \u00e0 7.23.29\u003c/li\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 8.x ant\u00e9rieures \u00e0 8.18.16\u003c/li\u003e \u003cli\u003eCOMOS versions ant\u00e9rieures \u00e0 10.4.1\u003c/li\u003e \u003cli\u003eSimcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 V2022.1\u003c/li\u003e \u003cli\u003eSIMOTICS CONNECT 400 versions ant\u00e9rieures \u00e0 1.0.0.0\u003c/li\u003e \u003cli\u003eClimatix POL909 (module AWB) versions ant\u00e9rieures \u00e0 11.44\u003c/li\u003e \u003cli\u003eClimatix POL909 (module AWM) versions ant\u00e9rieures \u00e0 11.36\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0\u003c/li\u003e \u003cli\u003eSINUMERIK MC versions ant\u00e9rieures \u00e0 1.15 SP1\u003c/li\u003e \u003cli\u003eSINUMERIK ONE versions ant\u00e9rieures \u00e0 6.15 SP1\u003c/li\u003e \u003cli\u003eSINEC INS versions ant\u00e9rieures \u00e0 1.0.1.1\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions ant\u00e9rieures \u00e0 2.15.0\u003c/li\u003e \u003cli\u003ePolarion Subversion Webclient versions ant\u00e9rieures \u00e0 21 R2 P2\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour :\u003c/p\u003e \u003cul\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 9\u003c/li\u003e \u003cli\u003eSINEC NMS toutes versions\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es dans la section Documentation.\u003c/p\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44478"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2021-42017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42017"
},
{
"name": "CVE-2022-24282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24282"
},
{
"name": "CVE-2021-25215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
},
{
"name": "CVE-2019-19317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2021-25174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25174"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2021-32944",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32944"
},
{
"name": "CVE-2019-19244",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2021-42020",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42020"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2022-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24281"
},
{
"name": "CVE-2021-32936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2019-19926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2020-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
},
{
"name": "CVE-2021-32946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32946"
},
{
"name": "CVE-2021-41543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41543"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2021-40366",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40366"
},
{
"name": "CVE-2021-41542",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41542"
},
{
"name": "CVE-2021-41541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41541"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-24309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24309"
},
{
"name": "CVE-2020-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8265"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2019-19925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2019-19924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
},
{
"name": "CVE-2021-32938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2022-26317",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26317"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2021-32940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32940"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37208"
},
{
"name": "CVE-2021-32948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2022-26313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26313"
},
{
"name": "CVE-2021-22921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
},
{
"name": "CVE-2021-25216",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25216"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2019-19242",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2021-25177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25177"
},
{
"name": "CVE-2021-25175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25175"
},
{
"name": "CVE-2021-22884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22884"
},
{
"name": "CVE-2021-32952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32952"
},
{
"name": "CVE-2019-19880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
},
{
"name": "CVE-2018-7160",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7160"
},
{
"name": "CVE-2021-32950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32950"
},
{
"name": "CVE-2021-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2022-26314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26314"
},
{
"name": "CVE-2021-31784",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31784"
},
{
"name": "CVE-2021-22883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22883"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2022-24408",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24408"
},
{
"name": "CVE-2021-42016",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42016"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-39134",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2020-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8287"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2022-24661",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24661"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2021-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-42018",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42018"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2019-19923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
},
{
"name": "CVE-2021-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
},
{
"name": "CVE-2021-25176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25176"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2021-25178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25178"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2021-23362",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
},
{
"name": "CVE-2019-19603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2021-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25173"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2022-25311",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25311"
},
{
"name": "CVE-2021-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
},
{
"name": "CVE-2021-37209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
},
{
"name": "CVE-2021-42019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42019"
},
{
"name": "CVE-2020-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
}
],
"initial_release_date": "2022-03-08T00:00:00",
"last_revision_date": "2022-03-08T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-216",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166747 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-166747.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-252466 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-252466.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-562051 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-562051.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-223353 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-337210 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337210.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148641 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-389290 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-256353 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-703715 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-703715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-594438 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-594438.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-415938 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-415938.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134279 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-134279.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-155599 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-155599.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-406691 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-406691.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 8 mars 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-250085.html"
}
]
}
CERTFR-2022-AVI-002
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Google Android. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions sans le correctif du 05 janvier 2022",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29368",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
},
{
"name": "CVE-2021-39659",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39659"
},
{
"name": "CVE-2021-30300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30300"
},
{
"name": "CVE-2021-1049",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1049"
},
{
"name": "CVE-2021-39628",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39628"
},
{
"name": "CVE-2021-39629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"name": "CVE-2021-39620",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39620"
},
{
"name": "CVE-2021-30311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30311"
},
{
"name": "CVE-2021-30308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30308"
},
{
"name": "CVE-2021-30307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30307"
},
{
"name": "CVE-2021-30353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30353"
},
{
"name": "CVE-2021-39634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"name": "CVE-2021-0643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0643"
},
{
"name": "CVE-2021-39627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"name": "CVE-2021-39625",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39625"
},
{
"name": "CVE-2021-39618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39618"
},
{
"name": "CVE-2021-30287",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30287"
},
{
"name": "CVE-2021-39633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"name": "CVE-2021-0959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0959"
},
{
"name": "CVE-2021-40148",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40148"
},
{
"name": "CVE-2021-39621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2021-30319",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30319"
},
{
"name": "CVE-2021-39632",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39632"
},
{
"name": "CVE-2021-30285",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30285"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2021-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0934"
},
{
"name": "CVE-2021-39630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39630"
},
{
"name": "CVE-2021-39623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"name": "CVE-2021-39622",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39622"
},
{
"name": "CVE-2020-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"name": "CVE-2021-30301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30301"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2021-31345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
},
{
"name": "CVE-2021-39626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
}
],
"initial_release_date": "2022-01-05T00:00:00",
"last_revision_date": "2022-01-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 04 janvier 2022",
"url": "https://source.android.com/security/bulletin/pixel/2022-01-01"
}
],
"reference": "CERTFR-2022-AVI-002",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Android du 04 janvier 2022",
"url": "https://source.android.com/security/bulletin/2022-01-01"
}
]
}
CERTFR-2021-AVI-854
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Capital VSTAR versions incluant les modules DNS | ||
| Siemens | N/A | Nucleus Source Code toutes versions | ||
| Siemens | N/A | Mendix Applications using Mendix 9 toutes versions antérieures à V9.6.2 | ||
| Siemens | N/A | Nucleus NET toutes versions | ||
| Siemens | N/A | SIMATIC WinCC V15 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC V17 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC OA V3.18 toutes versions | ||
| Siemens | N/A | NX 1980 Series toutes versions antérieures à V1984 | ||
| Siemens | N/A | APOGEE MEC (PPC) (BACnet) toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC V7.5 toutes versions antérieures à V7.5 SP2 Update 5 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.17 toutes versions | ||
| Siemens | N/A | Climatix POL909 (AWM module) toutes versions antérieures à V11.34 | ||
| Siemens | N/A | SCALANCE W1750D toutes versions antérieures à V8.7.1.3 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 toutes versions | ||
| Siemens | N/A | Siveillance Video DLNA Server 2021 R1 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.1 toutes versions | ||
| Siemens | N/A | Mendix Applications using Mendix 7 toutes versions antérieures à V7.23.26 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) toutes versions | ||
| Siemens | N/A | Nucleus Source Code versions incluant les modules DNS | ||
| Siemens | N/A | SIMATIC WinCC V16 toutes versions | ||
| Siemens | N/A | SIMATIC Information Server toutes versions >= V2019 SP1 | ||
| Siemens | N/A | SICAM 230 toutes versions | ||
| Siemens | N/A | Nucleus ReadyStart V4 toutes versions antérieures à V4.1.1 | ||
| Siemens | N/A | Mendix Applications using Mendix 8 toutes versions antérieures à V8.18.13 | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | Nucleus ReadyStart V3 toutes versions antérieures à V2017.02.4 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager toutes versions antérieures à V2.12 | ||
| Siemens | N/A | Siveillance Video DLNA Server 2020 R1, 2020 R2, 2020 R3 | ||
| Siemens | N/A | Capital VSTAR toutes versions | ||
| Siemens | N/A | Siveillance Video DLNA Server 2019 R1, 2019 R2, 2019 R3 | ||
| Siemens | N/A | Nucleus ReadyStart V3 toutes versions antérieures à V2013.08 | ||
| Siemens | N/A | APOGEE MEC (PPC) (P2 Ethernet) toutes versions | ||
| Siemens | N/A | PSS(R)ODMS V12 toutes versions antérieures à V12.2.6.1 | ||
| Siemens | N/A | Nucleus ReadyStart V3 toutes versions antérieures à V2012.12 | ||
| Siemens | N/A | SENTRON powermanager V3 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) toutes versions | ||
| Siemens | N/A | TALON TC Compact (BACnet) toutes versions | ||
| Siemens | N/A | NX 1980 Series toutes versions antérieures à V1988 | ||
| Siemens | N/A | PSS(R)E V34 toutes versions antérieures à V34.9.1 | ||
| Siemens | N/A | APOGEE MBC (PPC) (P2 Ethernet) toutes versions | ||
| Siemens | N/A | NX 1953 Series toutes versions antérieures à V1973.3700 | ||
| Siemens | N/A | APOGEE MBC (PPC) (BACnet) toutes versions | ||
| Siemens | N/A | PSS(R)E V35 toutes versions antérieures à V35.3.2 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Capital VSTAR versions incluant les modules DNS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Applications using Mendix 9 toutes versions ant\u00e9rieures \u00e0 V9.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus NET toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.18 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1980 Series toutes versions ant\u00e9rieures \u00e0 V1984",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 toutes versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Climatix POL909 (AWM module) toutes versions ant\u00e9rieures \u00e0 V11.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1750D toutes versions ant\u00e9rieures \u00e0 V8.7.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video DLNA Server 2021 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Applications using Mendix 7 toutes versions ant\u00e9rieures \u00e0 V7.23.26",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code versions incluant les modules DNS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server toutes versions \u003e= V2019 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V4 toutes versions ant\u00e9rieures \u00e0 V4.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Applications using Mendix 8 toutes versions ant\u00e9rieures \u00e0 V8.18.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V3 toutes versions ant\u00e9rieures \u00e0 V2017.02.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager toutes versions ant\u00e9rieures \u00e0 V2.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video DLNA Server 2020 R1, 2020 R2, 2020 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Capital VSTAR toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video DLNA Server 2019 R1, 2019 R2, 2019 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V3 toutes versions ant\u00e9rieures \u00e0 V2013.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)ODMS V12 toutes versions ant\u00e9rieures \u00e0 V12.2.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V3 toutes versions ant\u00e9rieures \u00e0 V2012.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON powermanager V3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1980 Series toutes versions ant\u00e9rieures \u00e0 V1988",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)E V34 toutes versions ant\u00e9rieures \u00e0 V34.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1953 Series toutes versions ant\u00e9rieures \u00e0 V1973.3700",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)E V35 toutes versions ant\u00e9rieures \u00e0 V35.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
},
{
"name": "CVE-2021-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31881"
},
{
"name": "CVE-2020-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
},
{
"name": "CVE-2021-42026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42026"
},
{
"name": "CVE-2021-37734",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37734"
},
{
"name": "CVE-2021-42025",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42025"
},
{
"name": "CVE-2021-37732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37732"
},
{
"name": "CVE-2021-31888",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31888"
},
{
"name": "CVE-2020-27736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
},
{
"name": "CVE-2021-31885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
},
{
"name": "CVE-2021-31887",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31887"
},
{
"name": "CVE-2020-10053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10053"
},
{
"name": "CVE-2021-37735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37735"
},
{
"name": "CVE-2021-41533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41533"
},
{
"name": "CVE-2021-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
},
{
"name": "CVE-2021-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31884"
},
{
"name": "CVE-2021-42015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42015"
},
{
"name": "CVE-2021-40366",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40366"
},
{
"name": "CVE-2020-15795",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
},
{
"name": "CVE-2021-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31882"
},
{
"name": "CVE-2021-25664",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
},
{
"name": "CVE-2021-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41057"
},
{
"name": "CVE-2021-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37207"
},
{
"name": "CVE-2021-40358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40358"
},
{
"name": "CVE-2020-10052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10052"
},
{
"name": "CVE-2021-37726",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37726"
},
{
"name": "CVE-2020-10054",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10054"
},
{
"name": "CVE-2021-41535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41535"
},
{
"name": "CVE-2021-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37727"
},
{
"name": "CVE-2021-27393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2021-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40364"
},
{
"name": "CVE-2020-27738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2021-42021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42021"
},
{
"name": "CVE-2021-31883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31883"
},
{
"name": "CVE-2021-41538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41538"
},
{
"name": "CVE-2021-40359",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40359"
},
{
"name": "CVE-2021-31886",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31886"
},
{
"name": "CVE-2021-41534",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41534"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2021-37730",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37730"
},
{
"name": "CVE-2021-31345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
},
{
"name": "CVE-2020-27737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
},
{
"name": "CVE-2021-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
},
{
"name": "CVE-2021-25677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
}
],
"initial_release_date": "2021-11-09T00:00:00",
"last_revision_date": "2021-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-854",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-703715 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-840188 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-362164 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-044112 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-328042 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-917476 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-114589 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-201384 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-537983 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-779699 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-580693 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740908 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145157 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-338732 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-338732.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-755517 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
}
]
}
CERTFR-2021-AVI-949
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Teamcenter Active Workspace versions 5.2.x antérieures à 5.2.3 | ||
| Siemens | N/A | JTTK versions antérieures à 11.0.3.0 | ||
| Siemens | N/A | SiPass integrated versions antérieures à 2.76 | ||
| Siemens | N/A | SINUMERIK Edge versions antérieures à 3.2 | ||
| Siemens | N/A | SIMATIC ITC2200 V3 PRO versions antérieures à 3.2.1.0 | ||
| Siemens | N/A | SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions antérieures à 21.00 SP3 | ||
| Siemens | N/A | Siveillance Identity V5 versions antérieures à 1.6.284, ou sans le correctif de sécurité SP5 | ||
| Siemens | N/A | Desigo PXC00-U toutes versions postérieures à 2.3 | ||
| Siemens | N/A | SIMATIC ITC1900 V3 versions antérieures à 3.2.1.0 | ||
| Siemens | N/A | JT2Go versions antérieures à 13.2.0.5 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions antérieures à 2.41 | ||
| Siemens | N/A | Desigo PXC22.1-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | Desigo PXC001-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | JTTK versions antérieures à 10.8.1.1 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions antérieures à 2.41 | ||
| Siemens | N/A | APOGEE MEC (PPC) (BACnet) toutes versions | ||
| Siemens | N/A | Siveillance Identity V1.6 versions antérieures à 1.6.284.0 | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | JTTK versions antérieures à 11.1.1.0 | ||
| Siemens | N/A | JT Utilities versions antérieures à 12.8.1.1 | ||
| Siemens | N/A | Desigo PXC50-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | Desigo PXC200-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | Desigo PXC36.1-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | Desigo PXC00-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | SiPass integrated versions antérieures à 2.80 | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) toutes versions | ||
| Siemens | N/A | Teamcenter Visualization versions antérieures à 13.2.0.5 | ||
| Siemens | N/A | Desigo PXC22-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | Simcenter STAR-CCM+ Viewer versions antérieures à 2021.3.1 | ||
| Siemens | N/A | Teamcenter Active Workspace versions 5.1.x antérieures à 5.1.6 | ||
| Siemens | N/A | Capital VSTAR toutes versions avec l'option Ethernet activée | ||
| Siemens | N/A | SiPass integrated versions antérieures à 2.85 | ||
| Siemens | N/A | JT Utilities versions antérieures à 13.1.1.0 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antérieures à 2.41 | ||
| Siemens | N/A | Desigo PXC100-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | ModelSim Simulation toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | SIMATIC ITC2200 V3 versions antérieures à 3.2.1.0 | ||
| Siemens | N/A | Desigo PXC12-E.D toutes versions postérieures à 2.3 | ||
| Siemens | N/A | Questa Simulation toutes versions | ||
| Siemens | N/A | JT Utilities versions antérieures à 13.0.3.0 | ||
| Siemens | N/A | Teamcenter Active Workspace versions 5.0.x antérieures à 5.0.10 | ||
| Siemens | N/A | Desigo PXC128-U toutes versions postérieures à 2.3 | ||
| Siemens | N/A | APOGEE MEC (PPC) (P2 Ethernet) toutes versions | ||
| Siemens | N/A | SIMATIC ITC1900 V3 PRO versions antérieures à 3.2.1.0 | ||
| Siemens | N/A | Teamcenter Active Workspace versions 4.3.x antérieures à V4.3.11 | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) toutes versions | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antérieures à 2.41 | ||
| Siemens | N/A | APOGEE MBC (PPC) (P2 Ethernet) toutes versions | ||
| Siemens | N/A | APOGEE MBC (PPC) (BACnet) toutes versions | ||
| Siemens | N/A | SIMATIC ITC1500 V3 PRO versions antérieures à 3.2.1.0 | ||
| Siemens | N/A | SIMATIC ITC1500 V3 versions antérieures à 3.2.1.0 | ||
| Siemens | N/A | Desigo PXC64-U toutes versions postérieures à 2.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Teamcenter Active Workspace versions 5.2.x ant\u00e9rieures \u00e0 5.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JTTK versions ant\u00e9rieures \u00e0 11.0.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.76",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions ant\u00e9rieures \u00e0 21.00 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Identity V5 versions ant\u00e9rieures \u00e0 1.6.284, ou sans le correctif de s\u00e9curit\u00e9 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC00-U toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 13.2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions ant\u00e9rieures \u00e0 2.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC22.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC001-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JTTK versions ant\u00e9rieures \u00e0 10.8.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions ant\u00e9rieures \u00e0 2.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Identity V1.6 versions ant\u00e9rieures \u00e0 1.6.284.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JTTK versions ant\u00e9rieures \u00e0 11.1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 12.8.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC50-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC200-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC36.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC00-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 13.2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC22-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 2021.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace versions 5.1.x ant\u00e9rieures \u00e0 5.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Capital VSTAR toutes versions avec l\u0027option Ethernet activ\u00e9e",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.85",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 13.1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 2.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC100-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ModelSim Simulation toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC12-E.D toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Questa Simulation toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 13.0.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace versions 5.0.x ant\u00e9rieures \u00e0 5.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC128-U toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace versions 4.3.x ant\u00e9rieures \u00e0 V4.3.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 2.41",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo PXC64-U toutes versions post\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44443",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44443"
},
{
"name": "CVE-2021-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31881"
},
{
"name": "CVE-2021-44444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44444"
},
{
"name": "CVE-2021-44009",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44009"
},
{
"name": "CVE-2021-31888",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31888"
},
{
"name": "CVE-2021-44447",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44447"
},
{
"name": "CVE-2018-20749",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20749"
},
{
"name": "CVE-2021-44013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44013"
},
{
"name": "CVE-2021-31885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
},
{
"name": "CVE-2021-31887",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31887"
},
{
"name": "CVE-2019-15690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15690"
},
{
"name": "CVE-2021-44012",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44012"
},
{
"name": "CVE-2020-14396",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14396"
},
{
"name": "CVE-2021-44001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44001"
},
{
"name": "CVE-2020-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14404"
},
{
"name": "CVE-2021-44430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44430"
},
{
"name": "CVE-2021-44440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44440"
},
{
"name": "CVE-2021-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44432"
},
{
"name": "CVE-2021-44445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44445"
},
{
"name": "CVE-2021-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31884"
},
{
"name": "CVE-2021-44434",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44434"
},
{
"name": "CVE-2021-44449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44449"
},
{
"name": "CVE-2019-15681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15681"
},
{
"name": "CVE-2021-44435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44435"
},
{
"name": "CVE-2021-42023",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42023"
},
{
"name": "CVE-2021-44442",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44442"
},
{
"name": "CVE-2021-44002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
},
{
"name": "CVE-2021-44014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
},
{
"name": "CVE-2021-44436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44436"
},
{
"name": "CVE-2021-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31882"
},
{
"name": "CVE-2021-44438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44438"
},
{
"name": "CVE-2021-44006",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44006"
},
{
"name": "CVE-2021-41547",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41547"
},
{
"name": "CVE-2021-44008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44008"
},
{
"name": "CVE-2021-44017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44017"
},
{
"name": "CVE-2021-44441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44441"
},
{
"name": "CVE-2021-44011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44011"
},
{
"name": "CVE-2018-20748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20748"
},
{
"name": "CVE-2019-20788",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20788"
},
{
"name": "CVE-2021-44446",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44446"
},
{
"name": "CVE-2021-44010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44010"
},
{
"name": "CVE-2021-44522",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44522"
},
{
"name": "CVE-2021-44448",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44448"
},
{
"name": "CVE-2021-44523",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44523"
},
{
"name": "CVE-2019-20840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20840"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2018-20750",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20750"
},
{
"name": "CVE-2021-42022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42022"
},
{
"name": "CVE-2021-44433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44433"
},
{
"name": "CVE-2021-44004",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44004"
},
{
"name": "CVE-2017-18922",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18922"
},
{
"name": "CVE-2021-44524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44524"
},
{
"name": "CVE-2021-44003",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44003"
},
{
"name": "CVE-2021-44007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44007"
},
{
"name": "CVE-2021-42024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42024"
},
{
"name": "CVE-2019-20839",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20839"
},
{
"name": "CVE-2021-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44431"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2021-44005",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44005"
},
{
"name": "CVE-2020-14402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14402"
},
{
"name": "CVE-2020-14397",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14397"
},
{
"name": "CVE-2021-31883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31883"
},
{
"name": "CVE-2020-14398",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14398"
},
{
"name": "CVE-2020-14403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14403"
},
{
"name": "CVE-2021-44439",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44439"
},
{
"name": "CVE-2021-44015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44015"
},
{
"name": "CVE-2021-44437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44437"
},
{
"name": "CVE-2021-31886",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31886"
},
{
"name": "CVE-2021-44450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44450"
},
{
"name": "CVE-2021-42027",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42027"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2020-14405",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14405"
},
{
"name": "CVE-2021-31345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
},
{
"name": "CVE-2018-20019",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20019"
},
{
"name": "CVE-2018-15127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15127"
},
{
"name": "CVE-2018-21247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-21247"
},
{
"name": "CVE-2021-44165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44165"
},
{
"name": "CVE-2021-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
},
{
"name": "CVE-2020-14401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14401"
}
],
"initial_release_date": "2021-12-15T00:00:00",
"last_revision_date": "2021-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-949",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620288 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-133772 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-199605 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-595101 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496292 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-400332 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-463116 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-523250 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352143 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-390195 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-396621 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-802578 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-160202 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-161331 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-114589 du 14 d\u00e9cembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
}
]
}
CERTFR-2022-AVI-018
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | CP-8022 MASTER MODULE, versions antérieures à 16.20 | ||
| Siemens | N/A | PLUSCONTROL première génération, toutes les versions, se référer au bulletin de sécurité de l'éditeur afin d'appliquer les mesures de contournement | ||
| Siemens | N/A | CP-8021 MASTER MODULE, versions antérieures à 16.20 | ||
| Siemens | N/A | SIPROTEC 5 depuis la gamme 6MD85 jusqu'à la gamme 7VK87, vérifier l'avis ssa-439673 pour identifier plus précisément les gammes vulnérables, versions antérieures à 8.83 | ||
| Siemens | N/A | SIPROTEC 5 Compact 7SX800, versions antérieures à 8.83 | ||
| Siemens | N/A | CP-8000 MASTER MODULE -40 à +70°C, versions antérieures à 16.20 | ||
| Siemens | N/A | SICAM PQ Analyzer, versions antérieures à 3.18 | ||
| Siemens | N/A | COMOS Web, versions antérieures à 10.4.1 | ||
| Siemens | N/A | CP-8000 MASTER -25 à +70°C, versions antérieures à 16.20 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CP-8022 MASTER MODULE, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PLUSCONTROL premi\u00e8re g\u00e9n\u00e9ration, toutes les versions, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur afin d\u0027appliquer les mesures de contournement",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8021 MASTER MODULE, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 depuis la gamme 6MD85 jusqu\u0027\u00e0 la gamme 7VK87, v\u00e9rifier l\u0027avis ssa-439673 pour identifier plus pr\u00e9cis\u00e9ment les gammes vuln\u00e9rables, versions ant\u00e9rieures \u00e0 8.83",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 Compact 7SX800, versions ant\u00e9rieures \u00e0 8.83",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8000 MASTER MODULE -40 \u00e0 +70\u00b0C, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PQ Analyzer, versions ant\u00e9rieures \u00e0 3.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "COMOS Web, versions ant\u00e9rieures \u00e0 10.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8000 MASTER -25 \u00e0 +70\u00b0C, versions ant\u00e9rieures \u00e0 16.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45034"
},
{
"name": "CVE-2021-41769",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41769"
},
{
"name": "CVE-2021-37198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37198"
},
{
"name": "CVE-2021-45033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45033"
},
{
"name": "CVE-2021-31885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
},
{
"name": "CVE-2021-37197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37197"
},
{
"name": "CVE-2021-45460",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45460"
},
{
"name": "CVE-2021-37195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37195"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2021-37196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37196"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2021-31345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
},
{
"name": "CVE-2021-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
}
],
"initial_release_date": "2022-01-11T00:00:00",
"last_revision_date": "2022-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-018",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-324998 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324998.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-845392 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-439673 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-439673.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-995338 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-173318 du 11 janvier 2022",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf"
}
]
}
fkie_cve-2021-31346
Vulnerability from fkie_nvd
Published
2021-11-09 12:15
Modified
2024-11-21 06:05
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-044112.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-114589.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-223353.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-620288.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/html/ssa-845392.html | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf | Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf | Vendor Advisory | |
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf | ||
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | capital_vstar | * | |
| siemens | nucleus_net | * | |
| siemens | nucleus_readystart_v3 | * | |
| siemens | nucleus_readystart_v4 | * | |
| siemens | nucleus_source_code | * | |
| siemens | apogee_modular_building_controller_firmware | * | |
| siemens | apogee_modular_building_controller | - | |
| siemens | apogee_modular_equiment_controller_firmware | * | |
| siemens | apogee_modular_equiment_controller | - | |
| siemens | apogee_pxc_compact_firmware | * | |
| siemens | apogee_pxc_compact | - | |
| siemens | apogee_pxc_modular_firmware | * | |
| siemens | apogee_pxc_modular | - | |
| siemens | talon_tc_compact_firmware | * | |
| siemens | talon_tc_compact | - | |
| siemens | talon_tc_modular_firmware | * | |
| siemens | talon_tc_modular | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "769372D0-68B3-47F3-B13B-43EAAF7E822D",
"versionEndExcluding": "2017.02.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB581B9-8F63-4117-A420-C271E5FF6EC6",
"versionEndExcluding": "4.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60FAD4D8-54FA-4721-954E-4AD77020B189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F978E7-3DD9-4948-BFFB-E7273003477B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCB699F-4F10-47BD-8890-047380972BE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7945BF7D-AB3A-4285-9C58-D56149ADFC15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "105A6FFB-1176-4021-868D-3D6CE77113B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BE40AF-B7A4-498A-943E-11AA9393A3D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA14719-C655-4BED-AE8D-B9C983847AE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46D32EF0-8AEC-4594-8928-45F34DC60600",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3470FD-BEBE-465F-A189-F4CEDD0F6815",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C647D8-1725-42FA-8042-6C413EE67573",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5. 4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet activadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22.1-E. D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1. 1), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). La longitud total de una carga \u00fatil ICMP (fijada en la cabecera IP) no est\u00e1 marcada. Esto puede conducir a varios efectos secundarios, incluyendo la fuga de informaci\u00f3n y las condiciones de denegaci\u00f3n de servicio, dependiendo de la organizaci\u00f3n del buffer de red en la memoria. (FSMD-2021-0007)"
}
],
"id": "CVE-2021-31346",
"lastModified": "2024-11-21T06:05:27.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-09T12:15:09.200",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
cnvd-2021-89444
Vulnerability from cnvd
Title
Siemens Nucleus ReadyStart输入验证不正确漏洞
Description
Siemens Nucleus ReadyStart是德国Siemens公司的一个捆绑式解决方案。用于加速完整系统的快速启动并提供丰富的板级支持包 (Bsp)。
Siemens Nucleus ReadyStart存在安全漏洞,该漏洞源于UDP有效负载的总长度(在 IP 标头中设置)未选中。攻击者可利用漏洞导致信息泄露和拒绝服务条件,具体取决于运行在UDP协议之上的用户定义的应用程序。
Severity
中
VLAI Severity ?
Patch Name
Siemens Nucleus ReadyStart输入验证不正确漏洞的补丁
Patch Description
Siemens Nucleus ReadyStart是德国Siemens公司的一个捆绑式解决方案。用于加速完整系统的快速启动并提供丰富的板级支持包 (Bsp)。
Siemens Nucleus ReadyStart存在安全漏洞,该漏洞源于UDP有效负载的总长度(在 IP 标头中设置)未选中。攻击者可利用漏洞导致信息泄露和拒绝服务条件,具体取决于运行在UDP协议之上的用户定义的应用程序。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
Impacted products
| Name | Siemens Nucleus ReadyStart < V4.1.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-31346"
}
},
"description": "Siemens Nucleus ReadyStart\u662f\u5fb7\u56fdSiemens\u516c\u53f8\u7684\u4e00\u4e2a\u6346\u7ed1\u5f0f\u89e3\u51b3\u65b9\u6848\u3002\u7528\u4e8e\u52a0\u901f\u5b8c\u6574\u7cfb\u7edf\u7684\u5feb\u901f\u542f\u52a8\u5e76\u63d0\u4f9b\u4e30\u5bcc\u7684\u677f\u7ea7\u652f\u6301\u5305 (Bsp)\u3002\n\nSiemens Nucleus ReadyStart\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eUDP\u6709\u6548\u8d1f\u8f7d\u7684\u603b\u957f\u5ea6\uff08\u5728 IP \u6807\u5934\u4e2d\u8bbe\u7f6e\uff09\u672a\u9009\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u8fd0\u884c\u5728UDP\u534f\u8bae\u4e4b\u4e0a\u7684\u7528\u6237\u5b9a\u4e49\u7684\u5e94\u7528\u7a0b\u5e8f\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-89444",
"openTime": "2021-11-20",
"patchDescription": "Siemens Nucleus ReadyStart\u662f\u5fb7\u56fdSiemens\u516c\u53f8\u7684\u4e00\u4e2a\u6346\u7ed1\u5f0f\u89e3\u51b3\u65b9\u6848\u3002\u7528\u4e8e\u52a0\u901f\u5b8c\u6574\u7cfb\u7edf\u7684\u5feb\u901f\u542f\u52a8\u5e76\u63d0\u4f9b\u4e30\u5bcc\u7684\u677f\u7ea7\u652f\u6301\u5305 (Bsp)\u3002\r\n\r\nSiemens Nucleus ReadyStart\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eUDP\u6709\u6548\u8d1f\u8f7d\u7684\u603b\u957f\u5ea6\uff08\u5728 IP \u6807\u5934\u4e2d\u8bbe\u7f6e\uff09\u672a\u9009\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u8fd0\u884c\u5728UDP\u534f\u8bae\u4e4b\u4e0a\u7684\u7528\u6237\u5b9a\u4e49\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Nucleus ReadyStart\u8f93\u5165\u9a8c\u8bc1\u4e0d\u6b63\u786e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Siemens Nucleus ReadyStart \u003c V4.1.1"
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"serverity": "\u4e2d",
"submitTime": "2021-11-11",
"title": "Siemens Nucleus ReadyStart\u8f93\u5165\u9a8c\u8bc1\u4e0d\u6b63\u786e\u6f0f\u6d1e"
}
gsd-2021-31346
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-31346",
"description": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3), Desigo PXC00-U (All versions \u003e= V2.3), Desigo PXC001-E.D (All versions \u003e= V2.3), Desigo PXC100-E.D (All versions \u003e= V2.3), Desigo PXC12-E.D (All versions \u003e= V2.3), Desigo PXC128-U (All versions \u003e= V2.3), Desigo PXC200-E.D (All versions \u003e= V2.3), Desigo PXC22-E.D (All versions \u003e= V2.3), Desigo PXC22.1-E.D (All versions \u003e= V2.3), Desigo PXC36.1-E.D (All versions \u003e= V2.3), Desigo PXC50-E.D (All versions \u003e= V2.3), Desigo PXC64-U (All versions \u003e= V2.3), Desigo PXM20-E (All versions \u003e= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"id": "GSD-2021-31346"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-31346"
],
"details": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"id": "GSD-2021-31346",
"modified": "2023-12-13T01:23:12.943386Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APOGEE MBC (PPC) (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MEC (PPC) (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE PXC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "APOGEE PXC Compact (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.19"
}
]
}
},
{
"product_name": "APOGEE PXC Modular (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "APOGEE PXC Modular (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.19"
}
]
}
},
{
"product_name": "Capital VSTAR",
"version": {
"version_data": [
{
"version_value": "All versions with enabled Ethernet options"
}
]
}
},
{
"product_name": "Desigo PXC00-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC00-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC128-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC64-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXM20-E",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart V3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2017.02.4"
}
]
}
},
{
"product_name": "Nucleus ReadyStart V4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.1"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "PLUSCONTROL 1st Gen",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMOTICS CONNECT 400",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V0.5.0.0"
}
]
}
},
{
"product_name": "TALON TC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "TALON TC Modular (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1284: Improper Validation of Specified Quantity in Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017.02.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31346"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf",
"refsource": "MISC",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"name": "N/A",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-05-20T13:15Z",
"publishedDate": "2021-11-09T12:15Z"
}
}
}
var-202111-1611
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nucleus readystart v4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "apogee modular building controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "talon tc compact",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "apogee pxc compact",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus net",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus source code",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "apogee pxc modular",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "talon tc modular",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "capital vstar",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus readystart v3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2017.02.1"
},
{
"model": "apogee modular equiment controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
}
],
"trust": 0.6
},
"cve": "CVE-2021-31346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31346",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31346",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31346",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31346",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2021-31346",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-851",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
},
{
"db": "NVD",
"id": "CVE-2021-31346"
},
{
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31346"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31346",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-620288",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-044112",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-845392",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-223353",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-114589",
"trust": 1.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0094",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4289",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3833",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-069-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-313-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-315-07",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121648",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011803",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010910",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-851",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
},
{
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"id": "VAR-202111-1611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.544069276
},
"last_update_date": "2024-10-08T21:00:05.053000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "siemens Nucleus Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185269"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1284",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111003"
},
{
"trust": 0.6,
"url": "https://source.android.com/security/bulletin/2022-01-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0094"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3833"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31346"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3874"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4289"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011803"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121648"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010910"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031013"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
},
{
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
},
{
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-851"
},
{
"date": "2021-11-09T12:15:09.200000",
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-851"
},
{
"date": "2024-10-08T09:15:04.353000",
"db": "NVD",
"id": "CVE-2021-31346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Nucleus Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-851"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…