Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-31887 (GCVE-0-2021-31887)
Vulnerability from cvelistv5
Published
2021-11-09 11:32
Modified
2024-08-03 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-170 - Improper Null Termination
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | APOGEE MBC (PPC) (BACnet) |
Version: All versions |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "APOGEE MBC (PPC) (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "APOGEE MBC (PPC) (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "APOGEE MEC (PPC) (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "APOGEE MEC (PPC) (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "APOGEE PXC Compact (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.4"
}
]
},
{
"product": "APOGEE PXC Compact (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8.19"
}
]
},
{
"product": "APOGEE PXC Modular (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.4"
}
]
},
{
"product": "APOGEE PXC Modular (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8.19"
}
]
},
{
"product": "Desigo PXC00-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC00-U",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC001-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC100-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC12-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC128-U",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC200-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC22-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC22.1-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC36.1-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC50-E.D",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXC64-U",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Desigo PXM20-E",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
},
{
"product": "Nucleus NET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Nucleus ReadyStart V3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2017.02.4"
}
]
},
{
"product": "Nucleus Source Code",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "TALON TC Compact (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.4"
}
]
},
{
"product": "TALON TC Modular (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170: Improper Null Termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:46:36",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APOGEE MBC (PPC) (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MEC (PPC) (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE PXC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "APOGEE PXC Compact (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.19"
}
]
}
},
{
"product_name": "APOGEE PXC Modular (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "APOGEE PXC Modular (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.19"
}
]
}
},
{
"product_name": "Desigo PXC00-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC00-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC128-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC64-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXM20-E",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart V3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2017.02.4"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "TALON TC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "TALON TC Modular (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170: Improper Null Termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31887",
"datePublished": "2021-11-09T11:32:00",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31887\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-11-09T12:15:09.587\",\"lastModified\":\"2024-11-21T06:06:26.073\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6. 30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC22.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017. 02.4), Nucleus Source Code (Todas las versiones), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). El servidor FTP no valida correctamente la longitud del comando \\\"PWD/XPWD\\\", lo que lleva a desbordamientos de b\u00fafer basados en la pila. Esto puede provocar condiciones de denegaci\u00f3n de servicio y ejecuci\u00f3n remota de c\u00f3digo. (FSMD-2021-0016)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-170\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A987CFB-4A41-4F82-8C7F-31DE8F0650DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2017.02.4\",\"matchCriteriaId\":\"C2F36C9F-E4F4-4678-B82D-361F4818B66C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAF9C3-B56A-4F40-B90B-D0DE96869A44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FAD4D8-54FA-4721-954E-4AD77020B189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F978E7-3DD9-4948-BFFB-E7273003477B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACCB699F-4F10-47BD-8890-047380972BE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7945BF7D-AB3A-4285-9C58-D56149ADFC15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:p2_ethernet:*:*:*\",\"versionEndExcluding\":\"2.8.19\",\"matchCriteriaId\":\"DB03E262-4378-4E0F-9263-19D1392CCC8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:bacnet:*:*:*\",\"versionEndExcluding\":\"3.5.4\",\"matchCriteriaId\":\"C7F539A7-092A-452D-AAEF-A18CAB76EF39\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:p2_ethernet:*:*:*\",\"versionEndExcluding\":\"2.8.19\",\"matchCriteriaId\":\"32FAA115-303A-43BF-BB07-153269A82769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:bacnet:*:*:*\",\"versionEndExcluding\":\"3.5.4\",\"matchCriteriaId\":\"AD5099CC-0908-4CB8-A152-869B1678F484\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.4\",\"matchCriteriaId\":\"46B9BC93-293E-4D1F-BA10-4E79DCF472FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5.4\",\"matchCriteriaId\":\"90E02740-938E-421A-97F9-DAC9A96F048B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"7F55E48E-BFB9-436A-9586-696D910C0122\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1727849-2FD8-40A2-91D3-E0C9662B45BC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"9B62759D-843B-48FC-82CB-1A8562C6BAFD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD39D011-8AE2-46FE-9207-C110E2FBC07C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"A9FA1D60-CB76-4F9F-AF50-F044938E24F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCC50C13-FA05-4459-BA1E-482D886B842B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"E759F7F2-A0EA-4A93-9BE7-56754F3DB71E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDA404C0-FD6D-47CC-950C-E5DCC993C8E6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"06588CEC-2291-4870-84D9-6A61614D954F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A4D84CE-07AB-4305-9C48-54392772D4EB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"43E08A74-3DAF-4022-9FF2-9ADA4426161E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E67F374-BF75-4334-A6D5-AB570E0A70D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"875BF593-DC7B-4416-983D-E69C48F5F3EF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CA7EF94-2EE2-4B53-A544-F675306DF84F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"60970078-7799-458D-983C-AD012FFA4241\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B73C4D39-A600-460B-A9A4-A954A58EDB17\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"30E702A4-7D43-4277-9885-52AA26EB526B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88DBB445-0A82-4DE8-B2CB-0CDD06A7E413\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"4D3E8389-DC09-4E20-9406-8AACE31E4503\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4EC2CE6-D918-4D78-A135-34E25C82E40B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"C5E933BA-6FBA-445C-AC3E-F866E606A34D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E1693F-D78F-4AC1-9304-3A5D64F5AEE2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"182DB746-FDA5-4856-BE6C-C84E0EFF7BFC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A602EDAE-72D4-4546-8C41-BBBECE2FD328\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3\",\"versionEndExcluding\":\"6.30.016\",\"matchCriteriaId\":\"7A58E17E-5986-4EEF-93BF-0596AA1E7F46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D7DD189-AEC3-4CB8-9337-876B8C8F2322\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
ICSA-21-315-07
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nThe products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-315-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-315-07",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added affected Desigo PXC/PXM products; updated corresponding mitigation measures; informed about planned solutions"
},
{
"date": "2022-04-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products"
},
{
"date": "2022-05-10T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "5",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (BACnet)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (BACnet)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Compact (BACnet)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Compact (P2 Ethernet)",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Modular (BACnet)",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Modular (P2 Ethernet)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-E.D",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-U",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC001-E.D",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Desigo PXC001-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC12-E.D",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Desigo PXC12-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22-E.D",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Desigo PXC22-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22.1-E.D",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Desigo PXC22.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC36.1-E.D",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Desigo PXC36.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC50-E.D",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Desigo PXC50-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC64-U",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Desigo PXC64-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC100-E.D",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Desigo PXC100-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC128-U",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Desigo PXC128-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC200-E.D",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Desigo PXC200-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXM20-E",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Desigo PXM20-E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Compact (BACnet)",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "TALON TC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Modular (BACnet)",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "TALON TC Modular (BACnet)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31890"
}
]
}
icsa-21-315-07
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nThe products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-315-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-315-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-315-07",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added affected Desigo PXC/PXM products; updated corresponding mitigation measures; informed about planned solutions"
},
{
"date": "2022-04-12T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products"
},
{
"date": "2022-05-10T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "5",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (BACnet)",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (BACnet)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (P2 Ethernet)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Compact (BACnet)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Compact (P2 Ethernet)",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "APOGEE PXC Modular (BACnet)",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2.8.19",
"product": {
"name": "APOGEE PXC Modular (P2 Ethernet)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-E.D",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC00-U",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC001-E.D",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Desigo PXC001-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC12-E.D",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Desigo PXC12-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22-E.D",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Desigo PXC22-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC22.1-E.D",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "Desigo PXC22.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC36.1-E.D",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "Desigo PXC36.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC50-E.D",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "Desigo PXC50-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC64-U",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "Desigo PXC64-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC100-E.D",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Desigo PXC100-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC128-U",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Desigo PXC128-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXC200-E.D",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Desigo PXC200-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=V2.3_and_\u003cV6.30.016",
"product": {
"name": "Desigo PXM20-E",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Desigo PXM20-E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Compact (BACnet)",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "TALON TC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.5.4",
"product": {
"name": "TALON TC Modular (BACnet)",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "TALON TC Modular (BACnet)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023"
]
}
],
"title": "CVE-2021-31890"
}
]
}
icsa-21-313-03
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS TCP/IP Stack
Notes
Summary
The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as "NUCLEUS:13" and as documented below.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"names": [
"Yuval Halaban",
"Uriel Malin",
"Tal Zohar"
],
"organization": "Medigate",
"summary": "coordinated disclosure"
},
{
"names": [
"Daniel dos Santos",
"Amine Amri",
"Stanislav Dashevskyi"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as \"NUCLEUS:13\" and as documented below.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS TCP/IP Stack",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-313-03",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Moved product CAPITAL VSTAR to a separate advisory (SSA-620288)"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus NET",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Nucleus NET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2017.02.4",
"product": {
"name": "Nucleus ReadyStart V3",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.1",
"product": {
"name": "Nucleus ReadyStart V4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus Source Code",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Nucleus Source Code"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31890"
}
]
}
ICSA-21-313-03
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2025-05-06 06:00
Summary
Siemens Nucleus RTOS TCP/IP Stack
Notes
Summary
The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as "NUCLEUS:13" and as documented below.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"names": [
"Yuval Halaban",
"Uriel Malin",
"Tal Zohar"
],
"organization": "Medigate",
"summary": "coordinated disclosure"
},
{
"names": [
"Daniel dos Santos",
"Amine Amri",
"Stanislav Dashevskyi"
],
"organization": "Forescout Technologies",
"summary": "coordinated disclosure"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack and related services (FTP, TFTP) of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities, also known as \"NUCLEUS:13\" and as documented below.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt"
},
{
"category": "self",
"summary": "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-313-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Nucleus RTOS TCP/IP Stack",
"tracking": {
"current_release_date": "2025-05-06T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-313-03",
"initial_release_date": "2021-11-09T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Moved product CAPITAL VSTAR to a separate advisory (SSA-620288)"
},
{
"date": "2025-05-06T06:00:00.000000Z",
"legacy_version": "Revision",
"number": "3",
"summary": "Revision - Fixing typos"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus NET",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Nucleus NET"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV2017.02.4",
"product": {
"name": "Nucleus ReadyStart V3",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.1",
"product": {
"name": "Nucleus ReadyStart V4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Nucleus ReadyStart V4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Nucleus Source Code",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Nucleus Source Code"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31344 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31346 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31885 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V3",
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"summary": "CVE-2021-31890 - Nucleus ReadyStart V4",
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Update to the latest version of Nucleus ReadyStart V3 or V4",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Contact customer support or your local Nucleus Sales team for mitigation advice",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "no_fix_planned",
"details": "Currently no remediation is planned",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to V2017.02.4 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://support.sw.siemens.com/en-US/product/1009925838/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1.1 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://support.sw.siemens.com/en-US/product/1336134128/"
},
{
"category": "vendor_fix",
"details": "Contact customer support to receive patch and update information",
"product_ids": [
"CSAFPID-0004"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
],
"title": "CVE-2021-31890"
}
]
}
gsd-2021-31887
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-31887",
"description": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions \u003e= V2.3), Desigo PXC00-U (All versions \u003e= V2.3), Desigo PXC001-E.D (All versions \u003e= V2.3), Desigo PXC100-E.D (All versions \u003e= V2.3), Desigo PXC12-E.D (All versions \u003e= V2.3), Desigo PXC128-U (All versions \u003e= V2.3), Desigo PXC200-E.D (All versions \u003e= V2.3), Desigo PXC22-E.D (All versions \u003e= V2.3), Desigo PXC22.1-E.D (All versions \u003e= V2.3), Desigo PXC36.1-E.D (All versions \u003e= V2.3), Desigo PXC50-E.D (All versions \u003e= V2.3), Desigo PXC64-U (All versions \u003e= V2.3), Desigo PXM20-E (All versions \u003e= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"id": "GSD-2021-31887"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-31887"
],
"details": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"id": "GSD-2021-31887",
"modified": "2023-12-13T01:23:13.512294Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "APOGEE MBC (PPC) (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MEC (PPC) (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "APOGEE PXC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "APOGEE PXC Compact (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.19"
}
]
}
},
{
"product_name": "APOGEE PXC Modular (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "APOGEE PXC Modular (P2 Ethernet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.8.19"
}
]
}
},
{
"product_name": "Desigo PXC00-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC00-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC001-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC100-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC12-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC128-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC200-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC22-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC22.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC36.1-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC50-E.D",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXC64-U",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Desigo PXM20-E",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
}
]
}
},
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart V3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2017.02.4"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "TALON TC Compact (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
},
{
"product_name": "TALON TC Modular (BACnet)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.5.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-170: Improper Null Termination"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017.02.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:p2_ethernet:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:bacnet:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:p2_ethernet:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.19",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:bacnet:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31887"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-170"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-03-13T15:28Z",
"publishedDate": "2021-11-09T12:15Z"
}
}
}
var-202111-1604
Vulnerability from variot
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016). Multiple Siemens products are vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1604",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desigo pxc12-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "talon tc modular",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5.4"
},
{
"model": "nucleus source code",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "desigo pxc36.1-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc128-u",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc50-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc64-u",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc001-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "apogee pxc compact",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8.19"
},
{
"model": "desigo pxc100-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc36.1-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "apogee pxc compact",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5.4"
},
{
"model": "nucleus net",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "desigo pxc00-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxc12-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxc22-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "apogee modular building controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "desigo pxc22.1-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc128-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxm20-e",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc200-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxm20-e",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxc00-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxc22.1-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "apogee pxc modular",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5.4"
},
{
"model": "apogee pxc modular",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.8.19"
},
{
"model": "talon tc compact",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.5.4"
},
{
"model": "desigo pxc100-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxc22-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "nucleus readystart v3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2017.02.4"
},
{
"model": "desigo pxc00-u",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc64-u",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "desigo pxc00-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc001-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "apogee modular equiment controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "desigo pxc200-e.d",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.3"
},
{
"model": "desigo pxc50-e.d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.30.016"
},
{
"model": "capital vstar",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "apogee pxc compact",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "apogee modular equiment controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "nucleus readystart v3",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "apogee pxc modular",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "talon tc modular",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "nucleus net",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "apogee modular building controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "nucleus source code",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "talon tc compact",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
}
],
"trust": 0.6
},
"cve": "CVE-2021-31887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2021-31887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-31887",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31887",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31887",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-31887",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-844",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
},
{
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016). Multiple Siemens products are vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31887"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31887",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-044112",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-114589",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-315-07",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-21-313-03",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU95671889",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-014903",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.3874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3833",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-844",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
},
{
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"id": "VAR-202111-1604",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41785447777777773
},
"last_update_date": "2024-08-14T13:05:16.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-044112 Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"title": "Siemens Nucleus ReadyStart Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174348"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-170",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95671889/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31887"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-313-03"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-07"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3874"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3833"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
},
{
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
},
{
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-844"
},
{
"date": "2021-11-09T12:15:09.587000",
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T08:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-014903"
},
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-844"
},
{
"date": "2023-03-13T15:28:09.447000",
"db": "NVD",
"id": "CVE-2021-31887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Out-of-bounds write vulnerabilities in multiple Siemens products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-014903"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-844"
}
],
"trust": 0.6
}
}
ghsa-q5r7-v53q-5pgx
Vulnerability from github
Published
2022-05-24 22:28
Modified
2022-05-24 22:28
Severity ?
VLAI Severity ?
Details
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
{
"affected": [],
"aliases": [
"CVE-2021-31887"
],
"database_specific": {
"cwe_ids": [
"CWE-170",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-09T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"id": "GHSA-q5r7-v53q-5pgx",
"modified": "2022-05-24T22:28:53Z",
"published": "2022-05-24T22:28:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31887"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
fkie_cve-2021-31887
Vulnerability from fkie_nvd
Published
2021-11-09 12:15
Modified
2024-11-21 06:06
Severity ?
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F36C9F-E4F4-4678-B82D-361F4818B66C",
"versionEndExcluding": "2017.02.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60FAD4D8-54FA-4721-954E-4AD77020B189",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F978E7-3DD9-4948-BFFB-E7273003477B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCB699F-4F10-47BD-8890-047380972BE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7945BF7D-AB3A-4285-9C58-D56149ADFC15",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:p2_ethernet:*:*:*",
"matchCriteriaId": "DB03E262-4378-4E0F-9263-19D1392CCC8F",
"versionEndExcluding": "2.8.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:bacnet:*:*:*",
"matchCriteriaId": "C7F539A7-092A-452D-AAEF-A18CAB76EF39",
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:p2_ethernet:*:*:*",
"matchCriteriaId": "32FAA115-303A-43BF-BB07-153269A82769",
"versionEndExcluding": "2.8.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:bacnet:*:*:*",
"matchCriteriaId": "AD5099CC-0908-4CB8-A152-869B1678F484",
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46B9BC93-293E-4D1F-BA10-4E79DCF472FB",
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46D32EF0-8AEC-4594-8928-45F34DC60600",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E02740-938E-421A-97F9-DAC9A96F048B",
"versionEndExcluding": "3.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
"matchCriteriaId": "00C647D8-1725-42FA-8042-6C413EE67573",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F55E48E-BFB9-436A-9586-696D910C0122",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1727849-2FD8-40A2-91D3-E0C9662B45BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B62759D-843B-48FC-82CB-1A8562C6BAFD",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD39D011-8AE2-46FE-9207-C110E2FBC07C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FA1D60-CB76-4F9F-AF50-F044938E24F7",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC50C13-FA05-4459-BA1E-482D886B842B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E759F7F2-A0EA-4A93-9BE7-56754F3DB71E",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDA404C0-FD6D-47CC-950C-E5DCC993C8E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06588CEC-2291-4870-84D9-6A61614D954F",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4D84CE-07AB-4305-9C48-54392772D4EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E08A74-3DAF-4022-9FF2-9ADA4426161E",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E67F374-BF75-4334-A6D5-AB570E0A70D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "875BF593-DC7B-4416-983D-E69C48F5F3EF",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA7EF94-2EE2-4B53-A544-F675306DF84F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60970078-7799-458D-983C-AD012FFA4241",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73C4D39-A600-460B-A9A4-A954A58EDB17",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30E702A4-7D43-4277-9885-52AA26EB526B",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88DBB445-0A82-4DE8-B2CB-0CDD06A7E413",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3E8389-DC09-4E20-9406-8AACE31E4503",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EC2CE6-D918-4D78-A135-34E25C82E40B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E933BA-6FBA-445C-AC3E-F866E606A34D",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E1693F-D78F-4AC1-9304-3A5D64F5AEE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "182DB746-FDA5-4856-BE6C-C84E0EFF7BFC",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A602EDAE-72D4-4546-8C41-BBBECE2FD328",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58E17E-5986-4EEF-93BF-0596AA1E7F46",
"versionEndExcluding": "6.30.016",
"versionStartIncluding": "2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DD189-AEC3-4CB8-9337-876B8C8F2322",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6. 30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC22.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017. 02.4), Nucleus Source Code (Todas las versiones), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). El servidor FTP no valida correctamente la longitud del comando \"PWD/XPWD\", lo que lleva a desbordamientos de b\u00fafer basados en la pila. Esto puede provocar condiciones de denegaci\u00f3n de servicio y ejecuci\u00f3n remota de c\u00f3digo. (FSMD-2021-0016)"
}
],
"id": "CVE-2021-31887",
"lastModified": "2024-11-21T06:06:26.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-09T12:15:09.587",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-170"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
cnvd-2021-89437
Vulnerability from cnvd
Title: 多款Siemens产品不正确零终止漏洞(CNVD-2021-89437)
Description:
Capital VSTAR是一个完整的解决方案。Nucleus NET模块集成了一系列符合标准的网络和通信协议、驱动程序和实用程序,以在任何嵌入式设备中提供全功能的网络支持。Nucleus RTOS是一种基于微内核的实时操作系统。
多款Siemens产品存在安全出漏洞,该漏洞源于FTP服务器未正确验证“PWD/XPWD”命令的长度,导致堆栈缓冲区溢出。攻击者可利用漏洞导致拒绝服务条件和远程代码执行。
Severity: 中
Patch Name: 多款Siemens产品不正确零终止漏洞(CNVD-2021-89437)的补丁
Patch Description:
Capital VSTAR是一个完整的解决方案。Nucleus NET模块集成了一系列符合标准的网络和通信协议、驱动程序和实用程序,以在任何嵌入式设备中提供全功能的网络支持。Nucleus RTOS是一种基于微内核的实时操作系统。
多款Siemens产品存在安全出漏洞,该漏洞源于FTP服务器未正确验证“PWD/XPWD”命令的长度,导致堆栈缓冲区溢出。攻击者可利用漏洞导致拒绝服务条件和远程代码执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
Reference: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
Impacted products
| Name | ['Siemens Nucleus Source Code', 'Siemens Nucleus NET', 'SIEMENS Capital VSTAR', 'SIEMENS Nucleus ReadyStart V3 < 2017.02.4'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-31887"
}
},
"description": "Capital VSTAR\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u89e3\u51b3\u65b9\u6848\u3002Nucleus NET\u6a21\u5757\u96c6\u6210\u4e86\u4e00\u7cfb\u5217\u7b26\u5408\u6807\u51c6\u7684\u7f51\u7edc\u548c\u901a\u4fe1\u534f\u8bae\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4ee5\u5728\u4efb\u4f55\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u63d0\u4f9b\u5168\u529f\u80fd\u7684\u7f51\u7edc\u652f\u6301\u3002Nucleus RTOS\u662f\u4e00\u79cd\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5b9e\u65f6\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFTP\u670d\u52a1\u5668\u672a\u6b63\u786e\u9a8c\u8bc1\u201cPWD/XPWD\u201d\u547d\u4ee4\u7684\u957f\u5ea6\uff0c\u5bfc\u81f4\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u548c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-89437",
"openTime": "2021-11-20",
"patchDescription": "Capital VSTAR\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u89e3\u51b3\u65b9\u6848\u3002Nucleus NET\u6a21\u5757\u96c6\u6210\u4e86\u4e00\u7cfb\u5217\u7b26\u5408\u6807\u51c6\u7684\u7f51\u7edc\u548c\u901a\u4fe1\u534f\u8bae\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4ee5\u5728\u4efb\u4f55\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u63d0\u4f9b\u5168\u529f\u80fd\u7684\u7f51\u7edc\u652f\u6301\u3002Nucleus RTOS\u662f\u4e00\u79cd\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5b9e\u65f6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFTP\u670d\u52a1\u5668\u672a\u6b63\u786e\u9a8c\u8bc1\u201cPWD/XPWD\u201d\u547d\u4ee4\u7684\u957f\u5ea6\uff0c\u5bfc\u81f4\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u548c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4e0d\u6b63\u786e\u96f6\u7ec8\u6b62\u6f0f\u6d1e\uff08CNVD-2021-89437\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Nucleus Source Code",
"Siemens Nucleus NET",
"SIEMENS Capital VSTAR",
"SIEMENS Nucleus ReadyStart V3 \u003c 2017.02.4"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
"serverity": "\u4e2d",
"submitTime": "2021-11-11",
"title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4e0d\u6b63\u786e\u96f6\u7ec8\u6b62\u6f0f\u6d1e\uff08CNVD-2021-89437\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…