CVE-2021-31890
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unchecked TCP payload length in Nucleus NET of Siemens products may cause information leak and denial of service.
Vulnerability
The vulnerability exists in the Nucleus NET TCP/IP stack used in multiple Siemens products. The total length of a TCP payload (set in the IP header) is not validated, leading to potential memory corruption. Affected products include Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), and SIMOTICS CONNECT 400 (All versions < V1.0.0.0) [1][2].
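The missing check, shown as an added example rather than Nucleus NET code or a Siemens fix: a receive-path validator that refuses any datagram whose IP total-length field disagrees with the bytes actually received. The function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns the TCP payload length in bytes, or -1 if the packet must be dropped.
 * pkt points at the IPv4 header; rx_len is the byte count the driver actually
 * placed in the buffer, never a value taken from the packet itself. */
long tcp_payload_len_checked(const uint8_t *pkt, size_t rx_len)
{
    if (pkt == NULL || rx_len < 20) return -1;       /* minimal IPv4 header */
    if ((pkt[0] >> 4) != 4) return -1;               /* IPv4 only */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;        /* IP header length */
    if (ihl < 20 || ihl > rx_len) return -1;
    if (pkt[9] != 6) return -1;                      /* protocol 6 = TCP */

    size_t total = ((size_t)pkt[2] << 8) | pkt[3];   /* IP total length field */
    if (total > rx_len) return -1;                   /* claims more than received */
    if (total < ihl + 20) return -1;                 /* no room for a TCP header */

    size_t doff = (size_t)(pkt[ihl + 12] >> 4) * 4;  /* TCP data offset */
    if (doff < 20 || ihl + doff > total) return -1;  /* header overruns datagram */

    return (long)(total - ihl - doff);
}

/* Constructed sample: 20-byte IPv4 header, 20-byte TCP header, 4 payload bytes
 * (44 bytes on the wire), with the total-length field set to claimed_total. */
long check_sample(uint16_t claimed_total, size_t rx_len)
{
    uint8_t pkt[64];
    memset(pkt, 0, sizeof pkt);
    pkt[0] = 0x45;                                   /* version 4, IHL 5 */
    pkt[2] = (uint8_t)(claimed_total >> 8);
    pkt[3] = (uint8_t)(claimed_total & 0xFF);
    pkt[9] = 6;
    pkt[20 + 12] = 0x50;                             /* data offset 5 words */
    memcpy(pkt + 40, "DATA", 4);
    return tcp_payload_len_checked(pkt, rx_len);
}

int main(void)
{
    printf("honest length 44:   %ld\n", check_sample(44, 44));
    printf("inflated to 1500:   %ld\n", check_sample(1500, 44));
    printf("too small (30):     %ld\n", check_sample(30, 44));
    return 0;
}
```

A stack that computes the payload length from the header field alone, without the comparison against `rx_len`, ends up reading or copying past the received data, which is the buffer-layout-dependent behaviour the description refers to.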
Exploitation
An attacker with network access to an affected device can send a specially crafted TCP packet with an invalid payload length in the IP header. No authentication is required. The unchecked length can cause memory corruption, potentially leading to information disclosure or denial of service. The exact behavior depends on the memory organization [2].
Impact
Successful exploitation can result in information leakage (reading sensitive memory contents) or denial of service (device crash or hang). The impact is high due to the potential for complete compromise of confidentiality or availability [2][description].
Mitigation
Siemens has released updates for some products: for SIMOTICS CONNECT 400, update to V0.5.0.0 or V1.0.0.0 [4]; for Capital Embedded AR Classic, update to V2303 [1]. For PLUSCONTROL 1st Gen, no fix is planned, and workarounds include network segmentation [3]. For other products, refer to SSA-044112. General security recommendations include protecting network access [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) Range: < V0.5.0.0, < V1.0.0.0
- (no CPE) Range: All versions < V1.0.0.0
- Range: All versions
- Range: < V2303
- Range: All versions
- Siemens/Capital Embedded AR Classic 431-422, v5, Range: 0
- Siemens/Capital Embedded AR Classic R20-11, v5, Range: 0
- Siemens/PLUSCONTROL 1st Gen, v5, Range: All versions
Patches
No patches discovered yet.
References
- cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf (mitre, x_refsource_MISC)
- cert-portal.siemens.com/productcert/html/ssa-044112.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-114589.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-223353.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-620288.html (mitre)
- cert-portal.siemens.com/productcert/html/ssa-845392.html (mitre)