ID

VAR-202111-1612


CVE

CVE-2021-31345


TITLE

Siemens Nucleus Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202111-853

DESCRIPTION

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the user-defined application that runs on top of the UDP protocol. (FSMD-2021-0006)

Trust: 1.0

sources: NVD: CVE-2021-31345

AFFECTED PRODUCTS

vendor: siemens, model: nucleus readystart v3, scope: lt, version: 2014.12

Trust: 1.0

vendor: siemens, model: apogee modular building controller, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: talon tc compact, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee pxc compact, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: nucleus net, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: nucleus source code, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee pxc modular, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: talon tc modular, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: capital vstar, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: apogee modular equiment controller, scope: eq, version: *

Trust: 1.0

sources: NVD: CVE-2021-31345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31345
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2021-31345
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202111-853
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-31345
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

nvd@nist.gov: CVE-2021-31345
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2021-31345
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202111-853 // NVD: CVE-2021-31345 // NVD: CVE-2021-31345

PROBLEMTYPE DATA

problemtype:CWE-1284

Trust: 1.0

sources: NVD: CVE-2021-31345

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-853

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-853

PATCH

title: Siemens Nucleus ReadyStart Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178542

Trust: 0.6

sources: CNNVD: CNNVD-202111-853

EXTERNAL IDS

db: NVD, id: CVE-2021-31345

Trust: 1.6

db: SIEMENS, id: SSA-620288

Trust: 1.6

db: SIEMENS, id: SSA-044112

Trust: 1.6

db: SIEMENS, id: SSA-845392

Trust: 1.6

db: SIEMENS, id: SSA-114589

Trust: 1.6

db: ICS CERT, id: ICSA-21-350-06

Trust: 0.6

db: ICS CERT, id: ICSA-21-313-03

Trust: 0.6

db: ICS CERT, id: ICSA-21-315-07

Trust: 0.6

db: ICS CERT, id: ICSA-22-013-03

Trust: 0.6

db: CS-HELP, id: SB2021121648

Trust: 0.6

db: CS-HELP, id: SB2022010910

Trust: 0.6

db: CS-HELP, id: SB2021111003

Trust: 0.6

db: CS-HELP, id: SB2022011803

Trust: 0.6

db: AUSCERT, id: ESB-2022.0094

Trust: 0.6

db: AUSCERT, id: ESB-2021.3874

Trust: 0.6

db: AUSCERT, id: ESB-2021.4289

Trust: 0.6

db: AUSCERT, id: ESB-2021.3833

Trust: 0.6

db: CNNVD, id: CNNVD-202111-853

Trust: 0.6

sources: CNNVD: CNNVD-202111-853 // NVD: CVE-2021-31345

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf

Trust: 1.6

url:https://cert-portal.siemens.com/productcert/html/ssa-044112.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-114589.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-620288.html

Trust: 1.0

url:https://cert-portal.siemens.com/productcert/html/ssa-845392.html

Trust: 1.0

url:https://www.cybersecurity-help.cz/vdb/sb2021111003

Trust: 0.6

url:https://source.android.com/security/bulletin/2022-01-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0094

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3833

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-31345

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3874

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4289

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011803

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121648

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010910

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03

Trust: 0.6

sources: CNNVD: CNNVD-202111-853 // NVD: CVE-2021-31345

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-853

SOURCES

db: CNNVD, id: CNNVD-202111-853
db: NVD, id: CVE-2021-31345

LAST UPDATE DATE

2024-10-08T21:00:09.032000+00:00


SOURCES UPDATE DATE

db: CNNVD, id: CNNVD-202111-853, date: 2022-05-23T00:00:00
db: NVD, id: CVE-2021-31345, date: 2024-10-08T09:15:04.067

SOURCES RELEASE DATE

db: CNNVD, id: CNNVD-202111-853, date: 2021-11-09T00:00:00
db: NVD, id: CVE-2021-31345, date: 2021-11-09T12:15:09.143