Details of VAR-202111-1606

ID

VAR-202111-1606

CVE

CVE-2021-31885

TITLE

Vulnerability in accessing buffers with improper length values in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-006566

DESCRIPTION

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009). Several Siemens products contain vulnerabilities in accessing buffers with improper length values.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2021-31885 // JVNDB: JVNDB-2021-006566

AFFECTED PRODUCTS

vendor:	siemens	model:	nucleus readystart v4	scope:	lt	version:	4.1.1	Trust: 1.0
vendor:	siemens	model:	capital vstar	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	apogee pxc compact	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	nucleus source code	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	talon tc compact	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	apogee pxc modular	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	talon tc modular	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	nucleus readystart v3	scope:	lt	version:	2017.02.4	Trust: 1.0
vendor:	siemens	model:	nucleus net	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	apogee modular equiment controller	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	apogee modular building controller	scope:	eq	version:	*	Trust: 1.0
vendor:	シーメンス	model:	nucleus readystart v4	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	nucleus readystart v3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	apogee modular equiment controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	talon tc modular	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	apogee modular building controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	apogee pxc modular	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	apogee pxc compact	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	nucleus net	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	nucleus source code	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	capital vstar	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	talon tc compact	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006566 // NVD: CVE-2021-31885

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31885
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-31885
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202111-845
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-31885
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-31885
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31885
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845 // NVD: CVE-2021-31885

PROBLEMTYPE DATA

problemtype:	CWE-805	Trust: 1.0
problemtype:	Accessing the buffer with improper length values (CWE-805) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006566 // NVD: CVE-2021-31885

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-845

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-845

PATCH

title:	Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf	Trust: 0.8
title:	Siemens Nucleus ReadyStart Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178540	Trust: 0.6

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31885	Trust: 3.2
db:	SIEMENS	id:	SSA-044112	Trust: 1.6
db:	SIEMENS	id:	SSA-845392	Trust: 1.6
db:	SIEMENS	id:	SSA-114589	Trust: 1.6
db:	JVN	id:	JVNVU98508242	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-006566	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-313-03	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-315-07	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-013-03	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3874	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3833	Trust: 0.6
db:	CS-HELP	id:	SB2021111003	Trust: 0.6
db:	CS-HELP	id:	SB2022011803	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-845	Trust: 0.6

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845 // NVD: CVE-2021-31885

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf	Trust: 1.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu98508242/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31885	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021111003	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3874	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022011803	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3833	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03	Trust: 0.6

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845 // NVD: CVE-2021-31885

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-845

SOURCES

db:	JVNDB	id:	JVNDB-2021-006566
db:	CNNVD	id:	CNNVD-202111-845
db:	NVD	id:	CVE-2021-31885

LAST UPDATE DATE

2024-08-14T13:10:16.122000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-006566	date:	2022-01-13T06:17:00
db:	CNNVD	id:	CNNVD-202111-845	date:	2022-05-23T00:00:00
db:	NVD	id:	CVE-2021-31885	date:	2022-05-20T13:15:12.843

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-006566	date:	2022-01-13T00:00:00
db:	CNNVD	id:	CNNVD-202111-845	date:	2021-11-09T00:00:00
db:	NVD	id:	CVE-2021-31885	date:	2021-11-09T12:15:09.487