PT-2021-6891 · Siemens+1 · Desigo Pxc128-U+22

Published: 2021-11-09 · Updated: 2022-05-20 · CVE-2021-31885

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

APOGEE MBC (PPC) (BACnet) versions prior to V3.5.4
APOGEE MBC (PPC) (P2 Ethernet) versions prior to V2.8.19
APOGEE MEC (PPC) (BACnet) versions prior to V3.5.4
APOGEE MEC (PPC) (P2 Ethernet) versions prior to V2.8.19
APOGEE PXC Compact (BACnet) versions prior to V3.5.4
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.19
APOGEE PXC Modular (BACnet) versions prior to V3.5.4
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.19
Desigo PXC00-E.D versions prior to V6.30.016
Desigo PXC00-U versions prior to V6.30.016
Desigo PXC001-E.D versions prior to V6.30.016
Desigo PXC100-E.D versions prior to V6.30.016
Desigo PXC12-E.D versions prior to V6.30.016
Desigo PXC128-U versions prior to V6.30.016
Desigo PXC200-E.D versions prior to V6.30.016
Desigo PXC22-E.D versions prior to V6.30.016
Desigo PXC22.1-E.D versions prior to V6.30.016
Desigo PXC36.1-E.D versions prior to V6.30.016
Desigo PXC50-E.D versions prior to V6.30.016
Desigo PXC64-U versions prior to V6.30.016
Desigo PXM20-E versions prior to V6.30.016
Nucleus NET versions prior to V2017.02.4
Nucleus ReadyStart V3 versions prior to V2017.02.4
Nucleus ReadyStart V4 versions prior to V4.1.1
Nucleus Source Code versions prior to V2017.02.4
PLUSCONTROL 1st Gen versions prior to V2017.02.4
TALON TC Compact (BACnet) versions prior to V3.5.4
TALON TC Modular (BACnet) versions prior to V3.5.4

Description

The vulnerability is in the TFTP server application, which allows the contents of the TFTP memory buffer to be read by sending malformed TFTP commands. A remote attacker can exploit this to gain access to protected information.

Recommendations

Update each affected product to the fixed version or later:

APOGEE MBC (PPC) (BACnet) versions prior to V3.5.4: update to V3.5.4 or later
APOGEE MBC (PPC) (P2 Ethernet) versions prior to V2.8.19: update to V2.8.19 or later
APOGEE MEC (PPC) (BACnet) versions prior to V3.5.4: update to V3.5.4 or later
APOGEE MEC (PPC) (P2 Ethernet) versions prior to V2.8.19: update to V2.8.19 or later
APOGEE PXC Compact (BACnet) versions prior to V3.5.4: update to V3.5.4 or later
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.19: update to V2.8.19 or later
APOGEE PXC Modular (BACnet) versions prior to V3.5.4: update to V3.5.4 or later
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.19: update to V2.8.19 or later
Desigo PXC00-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC00-U versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC001-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC100-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC12-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC128-U versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC200-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC22-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC22.1-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC36.1-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC50-E.D versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXC64-U versions prior to V6.30.016: update to V6.30.016 or later
Desigo PXM20-E versions prior to V6.30.016: update to V6.30.016 or later
Nucleus NET versions prior to V2017.02.4: update to V2017.02.4 or later
Nucleus ReadyStart V3 versions prior to V2017.02.4: update to V2017.02.4 or later
Nucleus ReadyStart V4 versions prior to V4.1.1: update to V4.1.1 or later
Nucleus Source Code versions prior to V2017.02.4: update to V2017.02.4 or later
PLUSCONTROL 1st Gen versions prior to V2017.02.4: update to V2017.02.4 or later
TALON TC Compact (BACnet) versions prior to V3.5.4: update to V3.5.4 or later
TALON TC Modular (BACnet) versions prior to V3.5.4: update to V3.5.4 or later

Related Identifiers

BDU:2022-02446
CVE-2021-31885

Affected Products

Apogee Mec (Ppc)
Apogee Pxc Compact
Apogee Pxc Modular
Desigo Pxc00-E.D
Desigo Pxc00-U
Desigo Pxc001-E.D
Desigo Pxc100-E.D
Desigo Pxc12-E.D
Desigo Pxc128-U
Desigo Pxc200-E.D
Desigo Pxc22-E.D
Desigo Pxc22.1-E.D
Desigo Pxc36.1-E.D
Desigo Pxc50-E.D
Desigo Pxc64-U
Desigo Pxm20-E
Nucleus Net
Nucleus Readystart V3
Nucleus Readystart V4
Nucleus Source Code
Pluscontrol 1St Gen
Talon Tc Compact
Talon Tc Modular