ID

VAR-202111-1607


CVE

CVE-2021-31884


TITLE

Siemens Nucleus ReadyStart Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202111-846

DESCRIPTION

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

Trust: 1.0

sources: NVD: CVE-2021-31884

AFFECTED PRODUCTS

vendor:siemensmodel:desigo pxc12-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:nucleus source codescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:desigo pxc36.1-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc64-uscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:nucleus readystart v3scope:ltversion:2017.02.1

Trust: 1.0

vendor:siemensmodel:desigo pxc22-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc200-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc00-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc22.1-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:apogee pxc modularscope:ltversion:3.5.4

Trust: 1.0

vendor:siemensmodel:apogee pxc modularscope:ltversion:2.8.19

Trust: 1.0

vendor:siemensmodel:talon tc compactscope:ltversion:3.5.4

Trust: 1.0

vendor:siemensmodel:desigo pxc100-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc22-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc00-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc001-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc128-uscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc200-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc50-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:talon tc modularscope:ltversion:3.5.4

Trust: 1.0

vendor:siemensmodel:desigo pxc128-uscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc50-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc100-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc001-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:apogee pxc compactscope:ltversion:2.8.19

Trust: 1.0

vendor:siemensmodel:desigo pxc36.1-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:apogee pxc compactscope:ltversion:3.5.4

Trust: 1.0

vendor:siemensmodel:nucleus netscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:desigo pxc00-uscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc12-e.dscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:desigo pxc22.1-e.dscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:apogee modular building controllerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:desigo pxm20-escope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:capital vstarscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:desigo pxc00-uscope:gteversion:2.3

Trust: 1.0

vendor:siemensmodel:desigo pxc64-uscope:ltversion:6.30.016

Trust: 1.0

vendor:siemensmodel:apogee modular equiment controllerscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:desigo pxm20-escope:gteversion:2.3

Trust: 1.0

sources: NVD: CVE-2021-31884

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31884
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202111-846
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-31884
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

nvd@nist.gov: CVE-2021-31884
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202111-846 // NVD: CVE-2021-31884

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-170

Trust: 1.0

sources: NVD: CVE-2021-31884

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-846

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-846

PATCH

title:Siemens Nucleus ReadyStart Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=174352

Trust: 0.6

sources: CNNVD: CNNVD-202111-846

EXTERNAL IDS

db:SIEMENSid:SSA-620288

Trust: 1.6

db:SIEMENSid:SSA-114589

Trust: 1.6

db:SIEMENSid:SSA-044112

Trust: 1.6

db:NVDid:CVE-2021-31884

Trust: 1.6

db:AUSCERTid:ESB-2021.3874

Trust: 0.6

db:AUSCERTid:ESB-2021.3833

Trust: 0.6

db:AUSCERTid:ESB-2021.4289

Trust: 0.6

db:CS-HELPid:SB2021111003

Trust: 0.6

db:CS-HELPid:SB2021121648

Trust: 0.6

db:ICS CERTid:ICSA-21-315-07

Trust: 0.6

db:ICS CERTid:ICSA-21-313-03

Trust: 0.6

db:ICS CERTid:ICSA-21-350-06

Trust: 0.6

db:CNNVDid:CNNVD-202111-846

Trust: 0.6

sources: CNNVD: CNNVD-202111-846 // NVD: CVE-2021-31884

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf

Trust: 1.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111003

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3874

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4289

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121648

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3833

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03

Trust: 0.6

sources: CNNVD: CNNVD-202111-846 // NVD: CVE-2021-31884

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-846

SOURCES

db:CNNVDid:CNNVD-202111-846
db:NVDid:CVE-2021-31884

LAST UPDATE DATE

2024-08-14T12:26:13.797000+00:00


SOURCES UPDATE DATE

db:CNNVDid:CNNVD-202111-846date:2023-06-27T00:00:00
db:NVDid:CVE-2021-31884date:2023-06-26T19:15:56.157

SOURCES RELEASE DATE

db:CNNVDid:CNNVD-202111-846date:2021-11-09T00:00:00
db:NVDid:CVE-2021-31884date:2021-11-09T12:15:09.437