CVE-2021-31884
Description
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
Affected products
27- Siemens/APOGEE MBC (PPC) (BACnet)v5Range: All versions
All versions+ 2 more
- (no CPE)range: All versions
- (no CPE)range: All versions
- (no CPE)range: All versions < V2.8.19
- Siemens/APOGEE MEC (PPC) (BACnet)v5Range: All versions
- Range: All versions < V3.5.4
- Range: All versions < V2.8.19
- Range: All versions < V3.5.4
- Siemens/Capital VSTARv5Range: All versions with enabled Ethernet options
- Siemens/Desigo PXC001-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC00-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC00-Uv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC100-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC128-Uv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC12-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC200-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC22.1-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC22-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC36.1-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC50-E.Dv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXC64-Uv5Range: All versions >= V2.3 and < V6.30.016
- Siemens/Desigo PXM20-Ev5Range: All versions >= V2.3 and < V6.30.016
- Range: All versions
- Range: All versions < V2017.02.4
- Siemens/Nucleus Source Codev5Range: All versions
- Range: All versions < V3.5.4
- Range: All versions < V3.5.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- cert-portal.siemens.com/productcert/pdf/ssa-044112.pdfmitrex_refsource_MISC
- cert-portal.siemens.com/productcert/pdf/ssa-114589.pdfmitrex_refsource_MISC
- cert-portal.siemens.com/productcert/pdf/ssa-620288.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.