PT-2021-6896 · Unknown+1 · Capital Vstar+10

Published: 2021-11-09 · Updated: 2024-10-08 · CVE-2021-31345

CVSS v3.1: 9.4 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Capital Embedded AR Classic 431-422: all versions
Capital Embedded AR Classic R20-11: versions prior to V2303
PLUSCONTROL 1st Gen: all versions
APOGEE MBC: all versions
APOGEE MEC: all versions
APOGEE PXC: all versions
TALON TC: all versions
Nucleus NET: all versions
Nucleus ReadyStart V3: versions prior to V2017.02.4
Nucleus Source Code: all versions
Capital VSTAR: all versions

Description

A vulnerability has been identified related to errors in processing the UDP packet header. The total length of a UDP payload, set in the IP header, is unchecked, which may lead to various side effects, including Information Leak and Denial-of-Service conditions. This depends on user-defined applications running on top of the UDP protocol.

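The kind of length validation the description says is missing, shown as an added example (not code from Nucleus NET or any affected product): a receive-path check that the IPv4 total length and the UDP length agree with each other and with the bytes actually received. The function names, return codes and the sample datagram are assumptions made for illustration, and the check handles unfragmented IPv4 only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20u
#define UDP_HDR_LEN   8u

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate IPv4/UDP length fields against each other and against `cap`, the
 * number of bytes actually received. Returns 0 and sets the payload span, or a
 * negative code. Unfragmented IPv4 only (assumption of this example). */
int udp_checked_payload(const uint8_t *buf, size_t cap,
                        const uint8_t **payload, size_t *payload_len)
{
    if (cap < IPV4_MIN_HDR || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl < IPV4_MIN_HDR) return -1;
    size_t ip_total = be16(buf + 2);
    /* IP total length may not exceed what the driver actually delivered. */
    if (ip_total > cap || ip_total < ihl + UDP_HDR_LEN) return -2;
    if (buf[9] != 17) return -3;               /* not UDP */
    size_t udp_len = be16(buf + ihl + 4);
    /* UDP length includes its 8-byte header and must fit the IP payload. */
    if (udp_len < UDP_HDR_LEN || udp_len > ip_total - ihl) return -4;
    *payload = buf + ihl + UDP_HDR_LEN;
    *payload_len = udp_len - UDP_HDR_LEN;
    return 0;
}

/* Constructed sample: a minimal IPv4/UDP datagram with the given length
 * fields, of which `received` (<= 64) bytes count as received. Returns the
 * accepted payload length, or the negative rejection code. */
long demo_check(uint16_t ip_total, uint16_t udp_len, size_t received)
{
    uint8_t pkt[64] = {0};
    const uint8_t *pl; size_t n;
    pkt[0] = 0x45; pkt[9] = 17;                /* IPv4, IHL=5, protocol UDP */
    pkt[2] = (uint8_t)(ip_total >> 8); pkt[3] = (uint8_t)ip_total;
    pkt[24] = (uint8_t)(udp_len >> 8); pkt[25] = (uint8_t)udp_len;
    int rc = udp_checked_payload(pkt, received, &pl, &n);
    return rc ? rc : (long)n;
}

int main(void)
{
    printf("%ld %ld %ld\n", demo_check(32, 12, 32),   /* consistent lengths */
           demo_check(1500, 1480, 32), demo_check(32, 512, 32));
    return 0;
}
```

Applications then size every copy or reply from the returned payload length rather than from a header field.
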
Recommendations

For Capital Embedded AR Classic 431-422, consider disabling UDP protocol usage until a patch is available.
For Capital Embedded AR Classic R20-11 versions prior to V2303, update to version V2303 or later.
For PLUSCONTROL 1st Gen, restrict access to UDP endpoints to minimize the risk of exploitation.
For APOGEE MBC, APOGEE MEC, APOGEE PXC, and TALON TC, avoid using the UDP protocol in user-defined applications until the issue is resolved.
For Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code, consider applying configuration changes to limit the impact of unchecked UDP payload lengths.
For Capital VSTAR, temporarily disable the vulnerable UDP packet header processing function until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected products.

Related Identifiers

ASB-A-207693368
BDU:2022-02452
CVE-2021-31345

Affected Products

APOGEE MBC
APOGEE MEC
APOGEE PXC
Capital Embedded AR Classic 431-422
Capital Embedded AR Classic R20-11
Capital VSTAR
Nucleus NET
Nucleus ReadyStart V3
Nucleus Source Code
PLUSCONTROL 1st Gen
TALON TC