PT-2022-3381 · Siemens · Desigo Pxc3+3

Published: 2022-05-10 · Updated: 2022-05-19 · CVE-2021-41545

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Desigo DXR2 versions prior to V01.21.142.5-22
Desigo PXC3 versions prior to V01.21.142.4-18
Desigo PXC4 versions prior to V02.20.142.10-10884
Desigo PXC5 versions prior to V02.20.142.10-10884

Description

The issue is an exception-handling error in the BACnet protocol implementation of the Desigo DXR2, PXC3, PXC4, and PXC5 station automation modules. Exploitation may allow an attacker to cause a denial of service: when the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into an "out of work" state, which could result in the controller going into a "factory reset" state.

Recommendations

For Desigo DXR2 versions prior to V01.21.142.5-22, update to version V01.21.142.5-22 or later.
For Desigo PXC3 versions prior to V01.21.142.4-18, update to version V01.21.142.4-18 or later.
For Desigo PXC4 versions prior to V02.20.142.10-10884, update to version V02.20.142.10-10884 or later.
For Desigo PXC5 versions prior to V02.20.142.10-10884, update to version V02.20.142.10-10884 or later.

Related Identifiers

BDU:2022-04152
CVE-2021-41545

Affected Products

Desigo DXR2
Desigo PXC3
Desigo PXC4
Desigo PXC5