PT-2021-6892 · Siemens+2 · Desigo Pxc128-U+21
Published
2021-11-09
·
Updated
2023-05-16
·
CVE-2021-31888
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
APOGEE MBC (PPC) (BACnet) versions prior to V3.5.4
APOGEE MBC (PPC) (P2 Ethernet) versions prior to V2.8.19
APOGEE MEC (PPC) (BACnet) versions prior to V3.5.4
APOGEE MEC (PPC) (P2 Ethernet) versions prior to V2.8.19
APOGEE PXC Compact (BACnet) versions prior to V3.5.4
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.19
APOGEE PXC Modular (BACnet) versions prior to V3.5.4
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.19
Capital VSTAR (affected versions not specified)
Desigo PXC00-E.D versions prior to V6.30.016
Desigo PXC00-U versions prior to V6.30.016
Desigo PXC001-E.D versions prior to V6.30.016
Desigo PXC100-E.D versions prior to V6.30.016
Desigo PXC12-E.D versions prior to V6.30.016
Desigo PXC128-U versions prior to V6.30.016
Desigo PXC200-E.D versions prior to V6.30.016
Desigo PXC22-E.D versions prior to V6.30.016
Desigo PXC22.1-E.D versions prior to V6.30.016
Desigo PXC36.1-E.D versions prior to V6.30.016
Desigo PXC50-E.D versions prior to V6.30.016
Desigo PXC64-U versions prior to V6.30.016
Desigo PXM20-E versions prior to V6.30.016
Nucleus NET (affected versions not specified)
Nucleus ReadyStart V3 versions prior to V2017.02.4
Nucleus Source Code (affected versions not specified)
TALON TC Compact (BACnet) versions prior to V3.5.4
TALON TC Modular (BACnet) versions prior to V3.5.4
Description
The FTP server does not properly validate the length of the
MKD/XMKD command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution.Recommendations
APOGEE MBC (PPC) (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE MBC (PPC) (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
APOGEE MEC (PPC) (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE MEC (PPC) (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
APOGEE PXC Compact (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
APOGEE PXC Modular (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.19: Update to version V2.8.19 or later.
Capital VSTAR: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC00-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC00-U versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC001-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC100-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC12-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC128-U versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC200-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC22-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC22.1-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC36.1-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC50-E.D versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXC64-U versions prior to V6.30.016: Update to version V6.30.016 or later.
Desigo PXM20-E versions prior to V6.30.016: Update to version V6.30.016 or later.
Nucleus NET: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Nucleus ReadyStart V3 versions prior to V2017.02.4: Update to version V2017.02.4 or later.
Nucleus Source Code: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
TALON TC Compact (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
TALON TC Modular (BACnet) versions prior to V3.5.4: Update to version V3.5.4 or later.
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apogee Mec (Ppc)
Apogee Pxc Compact
Apogee Pxc Modular
Capital Vstar
Desigo Pxc00-E.D
Desigo Pxc00-U
Desigo Pxc001-E.D
Desigo Pxc100-E.D
Desigo Pxc12-E.D
Desigo Pxc128-U
Desigo Pxc200-E.D
Desigo Pxc22-E.D
Desigo Pxc22.1-E.D
Desigo Pxc36.1-E.D
Desigo Pxc50-E.D
Desigo Pxc64-U
Desigo Pxm20-E
Nucleus Net
Nucleus Readystart V3
Nucleus Source Code
Talon Tc Compact
Talon Tc Modular