cnvd - cnvd-2021-89438

cnvd-2021-89438

Vulnerability from cnvd

Title

多款Siemens产品不正确零终止漏洞（CNVD-2021-89438）

Description

Capital VSTAR是一个完整的解决方案。Nucleus NET模块集成了一系列符合标准的网络和通信协议、驱动程序和实用程序，以在任何嵌入式设备中提供全功能的网络支持。Nucleus RTOS是一种基于微内核的实时操作系统。多款Siemens产品存在安全出漏洞，该漏洞源于FTP服务器未正确验证“USER”命令的长度，导致堆栈缓冲区溢出。攻击者可利用漏洞导致拒绝服务条件和远程代码执行。

Severity

高

Patch Name

多款Siemens产品不正确零终止漏洞（CNVD-2021-89438）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Impacted products

Name
['Siemens Nucleus Source Code', 'Siemens Nucleus NET', 'SIEMENS Capital VSTAR', 'SIEMENS Nucleus ReadyStart V3 < 2017.02.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-31886"
    }
  },
  "description": "Capital VSTAR\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u89e3\u51b3\u65b9\u6848\u3002Nucleus NET\u6a21\u5757\u96c6\u6210\u4e86\u4e00\u7cfb\u5217\u7b26\u5408\u6807\u51c6\u7684\u7f51\u7edc\u548c\u901a\u4fe1\u534f\u8bae\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4ee5\u5728\u4efb\u4f55\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u63d0\u4f9b\u5168\u529f\u80fd\u7684\u7f51\u7edc\u652f\u6301\u3002Nucleus RTOS\u662f\u4e00\u79cd\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5b9e\u65f6\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFTP\u670d\u52a1\u5668\u672a\u6b63\u786e\u9a8c\u8bc1\u201cUSER\u201d\u547d\u4ee4\u7684\u957f\u5ea6\uff0c\u5bfc\u81f4\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u548c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-89438",
  "openTime": "2021-11-20",
  "patchDescription": "Capital VSTAR\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u89e3\u51b3\u65b9\u6848\u3002Nucleus NET\u6a21\u5757\u96c6\u6210\u4e86\u4e00\u7cfb\u5217\u7b26\u5408\u6807\u51c6\u7684\u7f51\u7edc\u548c\u901a\u4fe1\u534f\u8bae\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4ee5\u5728\u4efb\u4f55\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u63d0\u4f9b\u5168\u529f\u80fd\u7684\u7f51\u7edc\u652f\u6301\u3002Nucleus RTOS\u662f\u4e00\u79cd\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5b9e\u65f6\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eFTP\u670d\u52a1\u5668\u672a\u6b63\u786e\u9a8c\u8bc1\u201cUSER\u201d\u547d\u4ee4\u7684\u957f\u5ea6\uff0c\u5bfc\u81f4\u5806\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u548c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4e0d\u6b63\u786e\u96f6\u7ec8\u6b62\u6f0f\u6d1e\uff08CNVD-2021-89438\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens Nucleus Source Code",
      "Siemens Nucleus NET",
      "SIEMENS Capital VSTAR",
      "SIEMENS Nucleus ReadyStart V3  \u003c 2017.02.4"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2021-11-11",
  "title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u4e0d\u6b63\u786e\u96f6\u7ec8\u6b62\u6f0f\u6d1e\uff08CNVD-2021-89438\uff09"
}

CVE-2021-31886 (GCVE-0-2021-31886)

Vulnerability from cvelistv5

Published

2021-11-09 11:31

Modified

2024-08-03 23:10

Severity ?

CWE

CWE-170 - Improper Null Termination

Summary

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf	x_refsource_MISC

Impacted products

Vendor

Product

Version

Siemens

APOGEE MBC (PPC) (BACnet)

Version: All versions

Siemens	APOGEE MBC (PPC) (P2 Ethernet)	Version: All versions
Siemens	APOGEE MEC (PPC) (BACnet)	Version: All versions
Siemens	APOGEE MEC (PPC) (P2 Ethernet)	Version: All versions
Siemens	APOGEE PXC Compact (BACnet)	Version: All versions < V3.5.4
Siemens	APOGEE PXC Compact (P2 Ethernet)	Version: All versions < V2.8.19
Siemens	APOGEE PXC Modular (BACnet)	Version: All versions < V3.5.4
Siemens	APOGEE PXC Modular (P2 Ethernet)	Version: All versions < V2.8.19
Siemens	Desigo PXC00-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC00-U	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC001-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC100-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC12-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC128-U	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC200-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC22-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC22.1-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC36.1-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC50-E.D	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXC64-U	Version: All versions >= V2.3 and < V6.30.016
Siemens	Desigo PXM20-E	Version: All versions >= V2.3 and < V6.30.016
Siemens	Nucleus NET	Version: All versions
Siemens	Nucleus ReadyStart V3	Version: All versions < V2017.02.4
Siemens	Nucleus Source Code	Version: All versions
Siemens	TALON TC Compact (BACnet)	Version: All versions < V3.5.4
Siemens	TALON TC Modular (BACnet)	Version: All versions < V3.5.4

Show details on NVD website