PT-2021-4817 · Siemens+2 · Desigo Pxc128-U+21
Published: 2021-11-09 · Updated: 2023-06-26
CVE-2021-31884
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
APOGEE MBC (PPC) (BACnet) versions prior to V3.5.4
APOGEE MBC (PPC) (P2 Ethernet) versions prior to V2.8.19
APOGEE MEC (PPC) (BACnet) versions prior to V3.5.4
APOGEE MEC (PPC) (P2 Ethernet) versions prior to V2.8.19
APOGEE PXC Compact (BACnet) versions prior to V3.5.4
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.19
APOGEE PXC Modular (BACnet) versions prior to V3.5.4
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.19
Capital VSTAR versions with enabled Ethernet options
Desigo PXC00-E.D versions prior to V6.30.016
Desigo PXC00-U versions prior to V6.30.016
Desigo PXC001-E.D versions prior to V6.30.016
Desigo PXC100-E.D versions prior to V6.30.016
Desigo PXC12-E.D versions prior to V6.30.016
Desigo PXC128-U versions prior to V6.30.016
Desigo PXC200-E.D versions prior to V6.30.016
Desigo PXC22-E.D versions prior to V6.30.016
Desigo PXC22.1-E.D versions prior to V6.30.016
Desigo PXC36.1-E.D versions prior to V6.30.016
Desigo PXC50-E.D versions prior to V6.30.016
Desigo PXC64-U versions prior to V6.30.016
Desigo PXM20-E versions prior to V6.30.016
Nucleus NET versions prior to V2017.02.4
Nucleus ReadyStart V3 versions prior to V2017.02.4
Nucleus Source Code versions prior to V2017.02.4
TALON TC Compact (BACnet) versions prior to V3.5.4
TALON TC Modular (BACnet) versions prior to V3.5.4
Description
The issue is a buffer overflow in the DHCP client application, which assumes that the data supplied with the Hostname DHCP option is NULL-terminated. If the global hostname variable is not defined, this may lead to out-of-bounds reads, writes, and denial-of-service conditions.
Recommendations
APOGEE MBC (PPC) (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE MBC (PPC) (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
APOGEE MEC (PPC) (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE MEC (PPC) (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
APOGEE PXC Compact (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
APOGEE PXC Modular (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
Capital VSTAR versions with enabled Ethernet options: Disable Ethernet options until a patch is available.
Desigo PXC00-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC00-U versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC001-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC100-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC12-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC128-U versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC200-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC22-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC22.1-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC36.1-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC50-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC64-U versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXM20-E versions prior to V6.30.016: Update to version V6.30.016 or later.
Nucleus NET versions prior to V2017.02.4: Update to version V2017.02.4 or later.
Nucleus ReadyStart V3 versions prior to V2017.02.4: Update to version V2017.02.4 or later.
Nucleus Source Code versions prior to V2017.02.4: Update to version V2017.02.4 or later.
TALON TC Compact (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
TALON TC Modular (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
Fix
Out of bounds Read
Memory Corruption
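The unterminated-hostname assumption named in the Description, handled defensively: an added illustration of the bug class, not Siemens or Nucleus code. The function name `dhcp_copy_hostname`, the 64-byte `HOSTNAME_MAX` and the sample packet are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DHCP_OPT_PAD        0
#define DHCP_OPT_HOSTNAME  12  /* Host Name option (RFC 2132) */
#define DHCP_OPT_END      255
#define HOSTNAME_MAX       64  /* assumed size of the hostname buffer */

/* Bug class being avoided: strcpy(dst, (const char *)value). Option values
 * are length-prefixed, not NUL-terminated, so a string copy overruns both. */

/* Walk the options field (bytes after the magic cookie) and copy the Host
 * Name option into dst as a C string. Returns its length, or -1 if the
 * option is absent, malformed, or does not fit in dst. */
int dhcp_copy_hostname(const uint8_t *opts, size_t opts_len,
                       char *dst, size_t dst_size)
{
    size_t i = 0;
    if (opts == NULL || dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == DHCP_OPT_PAD) continue;
        if (code == DHCP_OPT_END) break;
        if (i >= opts_len) return -1;          /* length byte missing */
        size_t len = opts[i++];
        if (len > opts_len - i) return -1;     /* value runs past packet */
        if (code != DHCP_OPT_HOSTNAME) { i += len; continue; }
        while (len > 0 && opts[i + len - 1] == '\0')
            len--;                             /* drop trailing NULs */
        if (len == 0 || len >= dst_size) return -1;   /* room for NUL */
        if (memchr(&opts[i], '\0', len)) return -1;   /* embedded NUL */
        memcpy(dst, &opts[i], len);
        dst[len] = '\0';                       /* terminate explicitly */
        return (int)len;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: pad, Host Name "pxc-lab" (no terminator), end. */
    const uint8_t opts[] = { 0, 12, 7, 'p','x','c','-','l','a','b', 255 };
    char name[HOSTNAME_MAX];
    int n = dhcp_copy_hostname(opts, sizeof opts, name, sizeof name);
    printf("len=%d name=%s\n", n, n < 0 ? "(rejected)" : name);
    return 0;
}
```

The copy is driven by the option's length byte, checked against both the remaining packet bytes and the destination size, and the terminator is written by the receiver rather than expected from the sender.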
Affected Products
Apogee Mec (Ppc)
Apogee Pxc Compact
Apogee Pxc Modular
Capital Vstar
Desigo Pxc00-E.D
Desigo Pxc00-U
Desigo Pxc001-E.D
Desigo Pxc100-E.D
Desigo Pxc12-E.D
Desigo Pxc128-U
Desigo Pxc200-E.D
Desigo Pxc22-E.D
Desigo Pxc22.1-E.D
Desigo Pxc36.1-E.D
Desigo Pxc50-E.D
Desigo Pxc64-U
Desigo Pxm20-E
Nucleus Net
Nucleus Readystart V3
Nucleus Source Code
Talon Tc Compact
Talon Tc Modular