Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38371

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC00-U (All versions >= V2.3 < V6.30.37), Desigo PXC001-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC100-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC12-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC128-U (All versions >= V2.3 < V6.30.37), Desigo PXC200-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC50-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC64-U (All versions >= V2.3 < V6.30.37), Desigo PXM20-E (All versions >= V2.3 < V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

Published

2022-10-11T11:15:10.297

Last Modified

2025-04-08T09:15:15.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-400
Type: Secondary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	nucleus_net	*	Yes
Application	siemens	nucleus_readystart_v3	*	Yes
Application	siemens	nucleus_source_code	-	Yes
Operating System	siemens	apogee_modular_building_controller_firmware	*	Yes
Hardware	siemens	apogee_modular_building_controller	-	No
Operating System	siemens	apogee_modular_equiment_controller_firmware	*	Yes
Hardware	siemens	apogee_modular_equiment_controller	-	No
Operating System	siemens	apogee_pxc_compact_firmware	*	Yes
Hardware	siemens	apogee_pxc_compact	-	No
Operating System	siemens	apogee_pxc_modular_firmware	*	Yes
Hardware	siemens	apogee_pxc_modular	-	No
Operating System	siemens	desigo_pxc00-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc00-e.d	-	No
Operating System	siemens	desigo_pxc00-u_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc00-u	-	No
Operating System	siemens	desigo_pxc001-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc001-e.d	-	No
Operating System	siemens	desigo_pxc12-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc12-e.d	-	No
Operating System	siemens	desigo_pxc22-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc22-e.d	-	No
Operating System	siemens	desigo_pxc22.1-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc22.1-e.d	-	No
Operating System	siemens	desigo_pxc36.1-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc36.1-e.d	-	No
Operating System	siemens	desigo_pxc50-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc50-e.d	-	No
Operating System	siemens	desigo_pxc64-u_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc64-u	-	No
Operating System	siemens	desigo_pxc100-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc100-e.d	-	No
Operating System	siemens	desigo_pxc128-u_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc128-u	-	No
Operating System	siemens	desigo_pxc200-e.d_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxc200-e.d	-	No
Operating System	siemens	desigo_pxm20-e_firmware	≤ 2.3	Yes
Hardware	siemens	desigo_pxm20-e	-	No
Operating System	siemens	talon_tc_compact_firmware	*	Yes
Hardware	siemens	talon_tc_compact	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-313313.html ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-935500.html ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf Patch, Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/html/ssa-313313.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/html/ssa-935500.html (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)