PT-2022-24394 · Mentor Graphics+1 · Nucleus Source Code+17
Published: 2022-10-11 · Updated: 2024-05-14 · CVE-2022-38371
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
APOGEE MBC (PPC) (BACnet) versions All
APOGEE MBC (PPC) (P2 Ethernet) versions All
APOGEE MEC (PPC) (BACnet) versions All
APOGEE MEC (PPC) (P2 Ethernet) versions All
APOGEE PXC Compact (BACnet) versions prior to V3.5.7
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.21
APOGEE PXC Modular (BACnet) versions prior to V3.5.7
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.21
Desigo PXC00-E.D versions V2.3 and later
Desigo PXC00-U versions V2.3 and later
Desigo PXC001-E.D versions V2.3 and later
Desigo PXC100-E.D versions V2.3 and later
Desigo PXC12-E.D versions V2.3 and later
Desigo PXC128-U versions V2.3 and later
Desigo PXC200-E.D versions V2.3 and later
Desigo PXC22-E.D versions V2.3 and later
Desigo PXC22.1-E.D versions V2.3 and later
Desigo PXC36.1-E.D versions V2.3 and later
Desigo PXC50-E.D versions V2.3 and later
Desigo PXC64-U versions V2.3 and later
Desigo PXM20-E versions V2.3 and later
Nucleus NET for Nucleus PLUS V1 versions prior to V5.2a
Nucleus NET for Nucleus PLUS V2 versions prior to V5.4
Nucleus ReadyStart V3 V2012 versions prior to V2012.08.1
Nucleus ReadyStart V3 V2017 versions prior to V2017.02.4
Nucleus Source Code versions including affected FTP server
TALON TC Compact (BACnet) versions prior to V3.5.7
TALON TC Modular (BACnet) versions prior to V3.5.7
Description
The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
Recommendations
APOGEE MBC (PPC) (BACnet) versions All: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
APOGEE MBC (PPC) (P2 Ethernet) versions All: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
APOGEE MEC (PPC) (BACnet) versions All: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
APOGEE MEC (PPC) (P2 Ethernet) versions All: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
APOGEE PXC Compact (BACnet) versions prior to V3.5.7: Update to version V3.5.7 or later.
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.21: Update to version V2.8.21 or later.
APOGEE PXC Modular (BACnet) versions prior to V3.5.7: Update to version V3.5.7 or later.
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.21: Update to version V2.8.21 or later.
Desigo PXC00-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC00-U versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC001-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC100-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC12-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC128-U versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC200-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC22-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC22.1-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC36.1-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC50-E.D versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXC64-U versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Desigo PXM20-E versions V2.3 and later: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Nucleus NET for Nucleus PLUS V1 versions prior to V5.2a: Update to version V5.2a or later.
Nucleus NET for Nucleus PLUS V2 versions prior to V5.4: Update to version V5.4 or later.
Nucleus ReadyStart V3 V2012 versions prior to V2012.08.1: Update to version V2012.08.1 or later.
Nucleus ReadyStart V3 V2017 versions prior to V2017.02.4: Update to version V2017.02.4 or later.
Nucleus Source Code versions including affected FTP server: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
TALON TC Compact (BACnet) versions prior to V3.5.7: Update to version V3.5.7 or later.
TALON TC Modular (BACnet) versions prior to V3.5.7: Update to version V3.5.7 or later.
Resource Exhaustion
Memory Leak
Affected Products
Desigo Pxc00-E.D
Desigo Pxc00-U
Desigo Pxc001-E.D
Desigo Pxc100-E.D
Desigo Pxc12-E.D
Desigo Pxc128-U
Desigo Pxc200-E.D
Desigo Pxc22-E.D
Desigo Pxc22.1-E.D
Desigo Pxc36.1-E.D
Desigo Pxc50-E.D
Desigo Pxc64-U
Desigo Pxm20-E
Nucleus Net For Nucleus Plus V1
Nucleus Net For Nucleus Plus V2
Nucleus Readystart V3 V2012
Nucleus Readystart V3 V2017
Nucleus Source Code