ID

VAR-202111-1606


CVE

CVE-2021-31885


TITLE

Vulnerability in accessing buffers with improper length values in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-006566

DESCRIPTION

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009). Several Siemens products contain vulnerabilities in accessing buffers with improper length values. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2021-31885 // JVNDB: JVNDB-2021-006566

AFFECTED PRODUCTS

vendor: siemens, model: nucleus readystart v4, scope: lt, version: 4.1.1

Trust: 1.0

vendor: siemens, model: capital vstar, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee pxc compact, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: nucleus source code, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: talon tc compact, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee pxc modular, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: talon tc modular, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: nucleus readystart v3, scope: lt, version: 2017.02.4

Trust: 1.0

vendor: siemens, model: nucleus net, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee modular equiment controller, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee modular building controller, scope: eq, version: *

Trust: 1.0

vendor: シーメンス, model: nucleus readystart v4, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: nucleus readystart v3, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: apogee modular equiment controller, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: talon tc modular, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: apogee modular building controller, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: apogee pxc modular, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: apogee pxc compact, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: nucleus net, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: nucleus source code, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: capital vstar, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: talon tc compact, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006566 // NVD: CVE-2021-31885

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31885
value: HIGH

Trust: 1.0

NVD: CVE-2021-31885
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-845
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-31885
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-31885
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-31885
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845 // NVD: CVE-2021-31885

PROBLEMTYPE DATA

problemtype:CWE-805

Trust: 1.0

problemtype:Accessing the buffer with improper length values (CWE-805) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-006566 // NVD: CVE-2021-31885

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-845

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-845

PATCH

title: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
url: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Trust: 0.8

title: Siemens Nucleus ReadyStart Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178540

Trust: 0.6

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845

EXTERNAL IDS

db: NVD, id: CVE-2021-31885

Trust: 3.2

db: SIEMENS, id: SSA-044112

Trust: 1.6

db: SIEMENS, id: SSA-845392

Trust: 1.6

db: SIEMENS, id: SSA-114589

Trust: 1.6

db: JVN, id: JVNVU98508242

Trust: 0.8

db: JVNDB, id: JVNDB-2021-006566

Trust: 0.8

db: ICS CERT, id: ICSA-21-313-03

Trust: 0.6

db: ICS CERT, id: ICSA-21-315-07

Trust: 0.6

db: ICS CERT, id: ICSA-22-013-03

Trust: 0.6

db: AUSCERT, id: ESB-2021.3874

Trust: 0.6

db: AUSCERT, id: ESB-2021.3833

Trust: 0.6

db: CS-HELP, id: SB2021111003

Trust: 0.6

db: CS-HELP, id: SB2022011803

Trust: 0.6

db: CNNVD, id: CNNVD-202111-845

Trust: 0.6

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845 // NVD: CVE-2021-31885

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

Trust: 1.6

url:https://jvn.jp/vu/jvnvu98508242/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-31885

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021111003

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3874

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011803

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3833

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03

Trust: 0.6

sources: JVNDB: JVNDB-2021-006566 // CNNVD: CNNVD-202111-845 // NVD: CVE-2021-31885

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-845

SOURCES

db: JVNDB, id: JVNDB-2021-006566
db: CNNVD, id: CNNVD-202111-845
db: NVD, id: CVE-2021-31885

LAST UPDATE DATE

2024-08-14T13:10:16.122000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2021-006566, date: 2022-01-13T06:17:00
db: CNNVD, id: CNNVD-202111-845, date: 2022-05-23T00:00:00
db: NVD, id: CVE-2021-31885, date: 2022-05-20T13:15:12.843

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2021-006566, date: 2022-01-13T00:00:00
db: CNNVD, id: CNNVD-202111-845, date: 2021-11-09T00:00:00
db: NVD, id: CVE-2021-31885, date: 2021-11-09T12:15:09.487