VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 9, 2021· Updated Aug 3, 2024

CVE-2021-31885

CVE-2021-31885

Description

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)

Affected products

28
  • Siemens/APOGEE MBC (PPC) (BACnet)v5
    Range: All versions
  • Siemens Foundation/APOGEE PXC Modular (P2 Ethernet)cpe-rescue3 versions
    All versions+ 2 more
    • (no CPE)range: All versions
    • (no CPE)range: All versions
    • (no CPE)range: All versions < V2.8.19
  • Siemens/APOGEE MEC (PPC) (BACnet)v5
    Range: All versions
  • Siemens Foundation/APOGEE PXC Compact (BACnet)cpe-rescue
    Range: All versions < V3.5.4
  • Siemens Foundation/APOGEE PXC Compact (P2 Ethernet)cpe-rescue
    Range: All versions < V2.8.19
  • Siemens Foundation/APOGEE PXC Modular (BACnet)cpe-rescue
    Range: All versions < V3.5.4
  • Siemens/Desigo PXC001-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC00-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC00-Uv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC100-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC128-Uv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC12-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC200-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC22.1-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC22-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC36.1-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC50-E.Dv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXC64-Uv5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens/Desigo PXM20-Ev5
    Range: All versions >= V2.3 and < V6.30.016
  • Siemens Foundation/Nucleus NETcpe-rescue
    Range: All versions
  • Siemens Foundation/Nucleus ReadyStart V3 V2012cpe-rescue2 versions
    All versions < V2017.02.4+ 1 more
    • (no CPE)range: All versions < V2017.02.4
    • (no CPE)range: All versions < V4.1.1
  • Siemens/Nucleus Source Codev5
    Range: All versions
  • Siemens/PLUSCONTROL 1st Genv5
    Range: All versions
  • Siemens Foundation/TALON TC Compact (BACnet)cpe-rescue
    Range: All versions < V3.5.4
  • Siemens Foundation/TALON TC Modular (BACnet)cpe-rescue
    Range: All versions < V3.5.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.