Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31345

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)

Published

2021-11-09T12:15:09.143

Last Modified

2024-11-21T06:05:27.797

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-1284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	capital_vstar	*	Yes
Application	siemens	nucleus_net	*	Yes
Application	siemens	nucleus_readystart_v3	< 2014.12	Yes
Application	siemens	nucleus_source_code	*	Yes
Operating System	siemens	apogee_modular_building_controller_firmware	*	Yes
Hardware	siemens	apogee_modular_building_controller	-	No
Operating System	siemens	apogee_modular_equiment_controller_firmware	*	Yes
Hardware	siemens	apogee_modular_equiment_controller	-	No
Operating System	siemens	apogee_pxc_compact_firmware	*	Yes
Hardware	siemens	apogee_pxc_compact	-	No
Operating System	siemens	apogee_pxc_modular_firmware	*	Yes
Hardware	siemens	apogee_pxc_modular	-	No
Operating System	siemens	talon_tc_compact_firmware	*	Yes
Hardware	siemens	talon_tc_compact	-	No
Operating System	siemens	talon_tc_modular_firmware	*	Yes
Hardware	siemens	talon_tc_modular	-	No
Operating System	siemens	apogee_modular_building_controller_firmware	*	Yes
Hardware	siemens	apogee_modular_building_controller	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-044112.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-114589.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-620288.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-845392.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf (af854a3a-2127-422b-91ae-364da2661108)