CVE-2021-31346
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unchecked ICMP payload length in Nucleus RTOS TCP/IP stack allows information leak and denial-of-service in several Siemens products including Capital Embedded AR Classic and SIMOTICS CONNECT 400.
Vulnerability
The vulnerability exists in the Nucleus RTOS TCP/IP stack, where the total length of an ICMP payload set in the IP header is not checked. This affects Capital Embedded AR Classic 431-422 (all versions), Capital Embedded AR Classic R20-11 (all versions < V2303), PLUSCONTROL 1st Gen (all versions), and SIMOTICS CONNECT 400 (all versions < V0.5.0.0 and < V1.0.0.0) [1][2][3][4].
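The length check the description says is missing, sketched as an added example; this is not Nucleus NET or Siemens code. The names icmp_payload_len and check_with_total and the sample packet are constructed for illustration, and the ICMP checksum is not verified here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPPROTO_ICMP_V4 1
#define ICMP_HDR_LEN    8   /* type, code, checksum, id, seq */

/* Hypothetical helper (not Nucleus NET code): validate the IPv4 length
 * fields of a received datagram before any ICMP payload is touched.
 * buf/rx_len describe the bytes actually held in the receive buffer.
 * Returns the ICMP payload length, or -1 if the packet must be dropped. */
long icmp_payload_len(const uint8_t *buf, size_t rx_len)
{
    if (buf == NULL || rx_len < 20) return -1;          /* minimal IPv4 header */
    if ((buf[0] >> 4) != 4) return -1;                  /* not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0F) * 4;           /* header length in bytes */
    if (ihl < 20 || ihl > rx_len) return -1;
    if (buf[9] != IPPROTO_ICMP_V4) return -1;
    size_t total = ((size_t)buf[2] << 8) | buf[3];      /* IP total length */
    /* The check the CVE description says is missing: the claimed total
     * length must fit inside what was really received. */
    if (total > rx_len) return -1;
    if (total < ihl + ICMP_HDR_LEN) return -1;          /* would underflow */
    return (long)(total - ihl - ICMP_HDR_LEN);
}

/* Constructed sample: 20-byte IPv4 header + 8-byte ICMP echo + 4 data bytes. */
static const uint8_t sample_ok[32] = {
    0x45, 0x00, 0x00, 0x20, 0, 0, 0, 0, 64, 1, 0, 0,
    192, 0, 2, 1, 192, 0, 2, 2,
    8, 0, 0, 0, 0, 1, 0, 1, 'a', 'b', 'c', 'd'
};

/* Run the check on a copy of sample_ok with a caller-chosen total-length field. */
long check_with_total(uint16_t claimed_total)
{
    uint8_t pkt[sizeof sample_ok];
    for (size_t i = 0; i < sizeof pkt; i++) pkt[i] = sample_ok[i];
    pkt[2] = (uint8_t)(claimed_total >> 8);
    pkt[3] = (uint8_t)(claimed_total & 0xFF);
    return icmp_payload_len(pkt, sizeof pkt);
}

int main(void)
{
    printf("honest length 32   -> %ld\n", check_with_total(32));
    printf("claimed 1500 of 32 -> %ld\n", check_with_total(1500));
    printf("claimed 24 (short) -> %ld\n", check_with_total(24));
    return 0;
}
```

A stack that copies or echoes the payload using the header's length without a comparison like `total > rx_len` reads past the received data, which matches the information leak and denial-of-service effects described above.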
Exploitation
An attacker with network access can send a specially crafted ICMP packet with an excessive payload length. No authentication is required, and the unchecked length may cause memory corruption or buffer overflow, depending on the network buffer organization. User interaction is not needed.
Impact
Successful exploitation can lead to information leakage (disclosure of sensitive memory contents) and denial-of-service conditions (device crashes or unresponsiveness). The impact primarily affects confidentiality and availability; integrity is not directly compromised.
Mitigation
Siemens has released updates for SIMOTICS CONNECT 400 to versions V0.5.0.0 and V1.0.0.0 [4]. For Capital Embedded AR Classic and PLUSCONTROL 1st Gen, no fix is currently planned [1][3]. As workarounds, network segmentation and restricting access to trusted networks are recommended. For Nucleus RTOS products, updating the Nucleus NET stack may mitigate the issue [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE), range: < V0.5.0.0
- (no CPE), range: All versions < V1.0.0.0
- Range: < V2303
- Siemens/Capital Embedded AR Classic 431-422 (v5), range: 0
- Siemens/Capital Embedded AR Classic R20-11 (v5), range: 0
- Siemens/PLUSCONTROL 1st Gen (v5), range: All versions
Patches
No patches discovered yet.
References
- cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/html/ssa-044112.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-114589.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-223353.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-620288.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-845392.html (mitre)