CVE-2021-31344

Name of the Vulnerable Software and Affected Versions Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions all prior to V2303 PLUSCONTROL 1st Gen versions all SIMOTICS CONNECT 400 versions all prior to V0.5.0.0 SIMOTICS CONNECT 400 versions all prior to V1.0.0.0 APOGEE MBC (PPC) (BACnet) versions all APOGEE MBC (PPC) (P2 Ethernet) versions all APOGEE MEC (PPC) (BACnet) versions all APOGEE MEC (PPC) (P2 Ethernet) versions all APOGEE PXC Compact (BACnet) versions all APOGEE PXC Compact (P2 Ethernet) versions all APOGEE PXC Modular (BACnet) versions all APOGEE PXC Modular (P2 Ethernet) versions all Capital VSTAR versions all Nucleus NET versions all Nucleus ReadyStart V3 versions all prior to V2017.02.4 Nucleus ReadyStart V4 versions all prior to V4.1.1 Nucleus Source Code versions all TALON TC Compact (BACnet) versions all TALON TC Modular (BACnet) versions all

Description A vulnerability has been identified that allows sending ICMP echo reply messages to arbitrary hosts on the network using ICMP echo packets with fake IP options.

Recommendations For Capital Embedded AR Classic 431-422, update to a version that addresses the issue. For Capital Embedded AR Classic R20-11, update to version V2303 or later. For PLUSCONTROL 1st Gen, there is no information about a newer version that contains a fix for this vulnerability. For SIMOTICS CONNECT 400, update to version V1.0.0.0 or later. For APOGEE MBC (PPC) (BACnet), APOGEE MBC (PPC) (P2 Ethernet), APOGEE MEC (PPC) (BACnet), APOGEE MEC (PPC) (P2 Ethernet), APOGEE PXC Compact (BACnet), APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (BACnet), APOGEE PXC Modular (P2 Ethernet), Capital VSTAR, Nucleus NET, Nucleus Source Code, TALON TC Compact (BACnet), TALON TC Modular (BACnet), there is no information about a newer version that contains a fix for this vulnerability. For Nucleus ReadyStart V3, update to version V2017.02.4 or later. For Nucleus ReadyStart V4, update to version V4.1.1 or later.