Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-31883 (GCVE-0-2021-31883)
Vulnerability from cvelistv5 – Published: 2021-11-09 11:31 – Updated: 2025-03-11 09:47
VLAI
EPSS
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)
Severity
7.1 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Capital Embedded AR Classic 431-422 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Capital Embedded AR Classic R20-11 |
Affected:
0 , < V2303
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Capital Embedded AR Classic 431-422",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Capital Embedded AR Classic R20-11",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2303",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T09:47:43.750Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31883",
"datePublished": "2021-11-09T11:31:56.000Z",
"dateReserved": "2021-04-29T00:00:00.000Z",
"dateUpdated": "2025-03-11T09:47:43.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-31883",
"date": "2026-05-28",
"epss": "0.01414",
"percentile": "0.80834"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-31883\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-11-09T12:15:09.383\",\"lastModified\":\"2024-11-21T06:06:25.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet habilitadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6. 30.016), Desigo PXC00-U (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30. 016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC128-U (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC22-E. D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC22.1-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC50-E. D (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30.016), Desigo PXM20-E (Todas las versiones posteriores o iguales V2.3 y anteriores a V6.30. 016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus Source Code (Todas las versiones), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). Al procesar un mensaje DHCP ACK, la aplicaci\u00f3n cliente DHCP no valida la longitud de la(s) opci\u00f3n(es) del proveedor, lo que provoca condiciones de denegaci\u00f3n de servicio. (FSMD-2021-0013)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A987CFB-4A41-4F82-8C7F-31DE8F0650DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2017.02.1\",\"matchCriteriaId\":\"769372D0-68B3-47F3-B13B-43EAAF7E822D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAF9C3-B56A-4F40-B90B-D0DE96869A44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FAD4D8-54FA-4721-954E-4AD77020B189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F978E7-3DD9-4948-BFFB-E7273003477B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACCB699F-4F10-47BD-8890-047380972BE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7945BF7D-AB3A-4285-9C58-D56149ADFC15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"105A6FFB-1176-4021-868D-3D6CE77113B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BE40AF-B7A4-498A-943E-11AA9393A3D6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CA14719-C655-4BED-AE8D-B9C983847AE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3470FD-BEBE-465F-A189-F4CEDD0F6815\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FAD4D8-54FA-4721-954E-4AD77020B189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F978E7-3DD9-4948-BFFB-E7273003477B\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-044112.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-114589.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-620288.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SSA-114589
Vulnerability from csaf_siemens - Published: 2021-11-09 00:00 - Updated: 2022-05-10 00:00Summary
SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products
Notes
Summary: Multiple vulnerabilities (also known as "NUCLEUS:13") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.
The products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
General Recommendations: As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
CWE-843
- Access of Resource Using Incompatible Type ('Type Confusion')
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-1284
- Improper Validation of Specified Quantity in Input
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-1284
- Improper Validation of Specified Quantity in Input
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-125
- Out-of-bounds Read
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-119
- Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-170
- Improper Null Termination
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-805
- Buffer Access with Incorrect Length Value
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
9.8 (Critical)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-170
- Improper Null Termination
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-170
- Improper Null Termination
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-191
- Integer Underflow (Wrap or Wraparound)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
CWE-240
- Improper Handling of Inconsistent Structural Elements
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
APOGEE MBC (PPC) (BACnet)
Siemens / APOGEE MBC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MBC (PPC) (P2 Ethernet)
Siemens / APOGEE MBC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (BACnet)
Siemens / APOGEE MEC (PPC) (BACnet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE MEC (PPC) (P2 Ethernet)
Siemens / APOGEE MEC (PPC) (P2 Ethernet)
|
vers:all/* |
No Fix Planned
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (BACnet)
Siemens / APOGEE PXC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Compact (P2 Ethernet)
Siemens / APOGEE PXC Compact (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (BACnet)
Siemens / APOGEE PXC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
APOGEE PXC Modular (P2 Ethernet)
Siemens / APOGEE PXC Modular (P2 Ethernet)
|
< V2.8.19 |
Vendor Fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-E.D
Siemens / Desigo PXC00-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC00-U
Siemens / Desigo PXC00-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC001-E.D
Siemens / Desigo PXC001-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC12-E.D
Siemens / Desigo PXC12-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22-E.D
Siemens / Desigo PXC22-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC22.1-E.D
Siemens / Desigo PXC22.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC36.1-E.D
Siemens / Desigo PXC36.1-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC50-E.D
Siemens / Desigo PXC50-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC64-U
Siemens / Desigo PXC64-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC100-E.D
Siemens / Desigo PXC100-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC128-U
Siemens / Desigo PXC128-U
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXC200-E.D
Siemens / Desigo PXC200-E.D
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
Desigo PXM20-E
Siemens / Desigo PXM20-E
|
>= V2.3 and < V6.30.016 |
Vendor Fix
fix
Mitigation
Mitigation
|
|
|
TALON TC Compact (BACnet)
Siemens / TALON TC Compact (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
|
|
TALON TC Modular (BACnet)
Siemens / TALON TC Modular (BACnet)
|
< V3.5.4 |
Vendor Fix
Mitigation
Mitigation
|
References
185 references
{
"document": {
"category": "Siemens Security Advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited.",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nThe products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt"
},
{
"category": "self",
"summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json"
}
],
"title": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products",
"tracking": {
"current_release_date": "2022-05-10T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-114589",
"initial_release_date": "2021-11-09T00:00:00Z",
"revision_history": [
{
"date": "2021-11-09T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-12-14T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added affected Desigo PXC/PXM products; updated corresponding mitigation measures; informed about planned solutions"
},
{
"date": "2022-04-12T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products"
},
{
"date": "2022-05-10T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products"
}
],
"status": "interim",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (BACnet)",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MBC (PPC) (P2 Ethernet)",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "APOGEE MBC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (BACnet)",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "APOGEE MEC (PPC) (P2 Ethernet)",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "APOGEE MEC (PPC) (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.5.4",
"product": {
"name": "APOGEE PXC Compact (BACnet)",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.8.19",
"product": {
"name": "APOGEE PXC Compact (P2 Ethernet)",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Compact (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.5.4",
"product": {
"name": "APOGEE PXC Modular (BACnet)",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V2.8.19",
"product": {
"name": "APOGEE PXC Modular (P2 Ethernet)",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "APOGEE PXC Modular (P2 Ethernet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC00-E.D",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC00-U",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "Desigo PXC00-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC001-E.D",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "Desigo PXC001-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC12-E.D",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "Desigo PXC12-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC22-E.D",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "Desigo PXC22-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC22.1-E.D",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "Desigo PXC22.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC36.1-E.D",
"product_id": "15"
}
}
],
"category": "product_name",
"name": "Desigo PXC36.1-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC50-E.D",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "Desigo PXC50-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC64-U",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "Desigo PXC64-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC100-E.D",
"product_id": "18"
}
}
],
"category": "product_name",
"name": "Desigo PXC100-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC128-U",
"product_id": "19"
}
}
],
"category": "product_name",
"name": "Desigo PXC128-U"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXC200-E.D",
"product_id": "20"
}
}
],
"category": "product_name",
"name": "Desigo PXC200-E.D"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= V2.3 and \u003c V6.30.016",
"product": {
"name": "Desigo PXM20-E",
"product_id": "21"
}
}
],
"category": "product_name",
"name": "Desigo PXM20-E"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.5.4",
"product": {
"name": "TALON TC Compact (BACnet)",
"product_id": "22"
}
}
],
"category": "product_name",
"name": "TALON TC Compact (BACnet)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.5.4",
"product": {
"name": "TALON TC Modular (BACnet)",
"product_id": "23"
}
}
],
"category": "product_name",
"name": "TALON TC Modular (BACnet)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "summary",
"text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31344 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31344 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31345 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31345 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "summary",
"text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31346 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31346 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31881 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31881 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31882 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31882 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31883 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31883 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31884 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31884 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31885",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"notes": [
{
"category": "summary",
"text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31885 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31885 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31885"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31886 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31886 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31887 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31887 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "summary",
"text": "FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31888 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31888 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31889 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31889 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "summary",
"text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
"references": [
{
"summary": "CVE-2021-31890 - Desigo PXC00-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC00-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC001-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC12-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC22.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC36.1-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC50-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC64-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC100-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC128-U",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXC200-E.D",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 - Desigo PXM20-E",
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"summary": "CVE-2021-31890 Mitre 5.0 json",
"url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json"
}
],
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.5.4 or later version",
"product_ids": [
"5",
"7",
"22",
"23"
]
},
{
"category": "vendor_fix",
"details": "Update to V2.8.19 or later version",
"product_ids": [
"6",
"8"
]
},
{
"category": "vendor_fix",
"details": "Update to V6.30.016 or later version",
"product_ids": [
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
},
{
"category": "mitigation",
"details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
},
{
"category": "mitigation",
"details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23"
]
}
],
"title": "CVE-2021-31890"
}
]
}
VAR-202111-1608
Vulnerability from variot - Updated: 2024-10-08 21:22A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1608",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apogee modular building controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "talon tc compact",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "apogee pxc compact",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus net",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus source code",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "apogee pxc modular",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "talon tc modular",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "capital vstar",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus readystart v3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2017.02.1"
},
{
"model": "apogee modular equiment controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
}
],
"trust": 0.6
},
"cve": "CVE-2021-31883",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31883",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31883",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-31883",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31883",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2021-31883",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-847",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
},
{
"db": "NVD",
"id": "CVE-2021-31883"
},
{
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31883"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31883",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-114589",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-620288",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-044112",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-313-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-315-07",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4289",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3833",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121648",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-847",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
},
{
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"id": "VAR-202111-1608",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.544069276
},
"last_update_date": "2024-10-08T21:22:58.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Siemens Nucleus ReadyStart Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174354"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3874"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4289"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121648"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3833"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
},
{
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
},
{
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-847"
},
{
"date": "2021-11-09T12:15:09.383000",
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-847"
},
{
"date": "2024-10-08T09:15:05.633000",
"db": "NVD",
"id": "CVE-2021-31883"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Nucleus ReadyStart Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-847"
}
],
"trust": 0.6
}
}
VDE-2021-050
Vulnerability from csaf_wagogmbhcokg - Published: 2021-11-16 11:02 - Updated: 2021-11-16 11:02Summary
WAGO: Multiple devices affected by Vulnerabilities in NUCLEUS TCP Stack.
Severity
Critical
Notes
Summary: Multiple vulnerabilities were reported in the Nucleus Real-Time Operating System (RTOS). The Nucleus RTOS is an essential component in several WAGO PLCs and fieldbus coupler. WAGO uses older Versions of the Nucleus RTOS also in legacy products.
For additional information please consult the official Siemens advisory:
• Advisory SSA-044112
Impact: The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerabilities, to manipulate and disrupt the device. Please consult the CVE entries listed above for more details.
WAGO devices are not affected by CVE-2021-31885.
Vulnerable to all vulnerabilities listed above:
750-829, 750-831/000-00x, 750-852, 750-880/0xx-xxx, 750-881, 750-882, 750-885/0xx-xxx, 750-889, 750-331, 750-352/xxx-xxx
Vulnerable only to CVE-2021-31344, CVE-2021-31346, CVE-2021-31890:
750-823, 750-832/000-00x, 750-862, 750-890/0xx-xxx, 750-891, 750-893, 750-332, 750-362/xxx-xxx, 750-363/xxx-xxx, 750-364/xxx-xxx, 750-365/xxx-xxx
Mitigation: 1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Remediation: For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)
5.3 (Medium)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)
9.1 (Critical)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
9.1 (Critical)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)
7.5 (High)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)
7.5 (High)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)
7.5 (High)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
9.8 (Critical)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)
9.8 (Critical)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
8.8 (High)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)
8.8 (High)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
9.1 (Critical)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)
9.1 (Critical)
Mitigation
1. Use general security best practices to protect systems from local and network attacks.
2. Do not allow direct access to the device from untrusted networks.
3. Update to the latest firmware according to the table in chapter solutions.
4. Disable the DHCP, DNS and the FTP port 21.
5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].
For fieldbus coupler:
- 750-331
- 750-352/xxx-xxx
For PLCs:
- 750-829
- 750-831/xxx-xxx
- 750-852
- 750-880/xxx-xxx
- 750-881
- 750-889
The listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:
1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.
2. Ensure DHCP responses from non-authorized servers are blocked or discarded.
3. Monitor network traffic for anomalies and discard invalid packets.
4. Disable or block FTP, DHCP, DNS especially on critical network segments
5. Please check regularly https://certvde.com/de/ for an update of this Advisory.
Vendor Fix
For fieldbus coupler:
- 750-332
- 750-362/xxx-xxx
- 750-363/xxx-xxx
- 750-364/xxx-xxx
- 750-365/xxx-xxx
For PLCs:
- 750-823
- 750-832/xxx-xxx
- 750-862
- 750-890/xxx-xxx
- 750-891
- 750-893
We recommend all effected users to update to the firmware version listed below:
| Article Number | Fixed in Firmware Version | Availability |
|----------------------|----------------------------|---------------------------|
| 750-823 | >=FW10 | January 2022 |
| 750-832/000-00x | >=FW10 | After BACnet certification|
| 750-862 | >=FW10 | January 2022 |
| 750-890/xxx-xxx | >=FW10 | January 2022 |
| 750-891 | >=FW10 | January 2022 |
| 750-893 | >=FW10 | January 2022 |
| 750-332 | >=FW10 | After BACnet certification|
| 750-362/xxx-xxx | >=FW10 | January 2022 |
| 750-363/xxx-xxx | >=FW10 | January 2022 |
| 750-364/xxx-xxx | >=FW10 | January 2022 |
| 750-365/xxx-xxx | >=FW10 | January 2022 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — | ||
| Unresolved product id: CSAFPID-31011 | — | ||
| Unresolved product id: CSAFPID-31012 | — | ||
| Unresolved product id: CSAFPID-31013 | — | ||
| Unresolved product id: CSAFPID-31014 | — | ||
| Unresolved product id: CSAFPID-31015 | — | ||
| Unresolved product id: CSAFPID-31016 | — | ||
| Unresolved product id: CSAFPID-31017 | — | ||
| Unresolved product id: CSAFPID-31018 | — | ||
| Unresolved product id: CSAFPID-31019 | — | ||
| Unresolved product id: CSAFPID-31020 | — | ||
| Unresolved product id: CSAFPID-31021 | — |
References
4 references
| URL | Category |
|---|---|
| https://certvde.com/en/advisories/VDE-2021-050/ | self |
| https://wago.csaf-tp.certvde.com/.well-known/csaf… | self |
| https://www.wago.com/psirt | external |
| https://certvde.com/en/advisories/vendor/wago/ | external |
Acknowledgments
CERT@VDE
certvde.com
Medigate
Yuval Halaban
Uriel Malin
Tal Zohar
Forescout Technologies
Daniel dos Santos
Amine Amri
Stanislav Dashevskyi
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Yuval Halaban",
"Uriel Malin",
"Tal Zohar"
],
"organization": "Medigate",
"summary": "reporting"
},
{
"names": [
"Daniel dos Santos",
"Amine Amri",
"Stanislav Dashevskyi"
],
"organization": "Forescout Technologies",
"summary": "reporting"
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities were reported in the Nucleus Real-Time Operating System (RTOS). The Nucleus RTOS is an essential component in several WAGO PLCs and fieldbus coupler. WAGO uses older Versions of the Nucleus RTOS also in legacy products.\nFor additional information please\u00a0consult the official Siemens advisory:\n\u2022 Advisory\u00a0SSA-044112",
"title": "Summary"
},
{
"category": "description",
"text": "The reported vulnerabilities allow an attacker who has access to the device and is able to exploit the vulnerabilities, to manipulate and disrupt the device. Please consult the CVE entries listed above for more details.\nWAGO devices are not affected by CVE-2021-31885.\nVulnerable to all vulnerabilities listed above:\n750-829, 750-831/000-00x, 750-852, 750-880/0xx-xxx, 750-881, 750-882, 750-885/0xx-xxx, 750-889, 750-331, 750-352/xxx-xxx\nVulnerable only to CVE-2021-31344, CVE-2021-31346, CVE-2021-31890:\n750-823, 750-832/000-00x, 750-862, 750-890/0xx-xxx, 750-891, 750-893, 750-332, 750-362/xxx-xxx, 750-363/xxx-xxx, 750-364/xxx-xxx, 750-365/xxx-xxx",
"title": "Impact"
},
{
"category": "description",
"text": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"title": "Mitigation"
},
{
"category": "description",
"text": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@wago.com",
"name": "WAGO GmbH \u0026 Co. KG",
"namespace": "https://www.wago.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2021-050: WAGO: Multiple devices affected by Vulnerabilities in NUCLEUS TCP Stack. - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-050/"
},
{
"category": "self",
"summary": "VDE-2021-050: WAGO: Multiple devices affected by Vulnerabilities in NUCLEUS TCP Stack. - CSAF",
"url": "https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-050.json"
},
{
"category": "external",
"summary": "WAGO PSIRT",
"url": "https://www.wago.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for WAGO GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/wago/"
}
],
"title": "WAGO: Multiple devices affected by Vulnerabilities in NUCLEUS TCP Stack.",
"tracking": {
"aliases": [
"VDE-2021-050"
],
"current_release_date": "2021-11-16T11:02:00.000Z",
"generator": {
"date": "2025-06-16T07:25:47.768Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "VDE-2021-050",
"initial_release_date": "2021-11-16T11:02:00.000Z",
"revision_history": [
{
"date": "2021-11-16T11:02:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "750-331",
"product": {
"name": "750-331",
"product_id": "CSAFPID-11001"
}
},
{
"category": "product_name",
"name": "750-332",
"product": {
"name": "750-332",
"product_id": "CSAFPID-11002"
}
},
{
"category": "product_name",
"name": "750-352/xxx-xxx",
"product": {
"name": "750-352/xxx-xxx",
"product_id": "CSAFPID-11003"
}
},
{
"category": "product_name",
"name": "750-362/xxx-xxx",
"product": {
"name": "750-362/xxx-xxx",
"product_id": "CSAFPID-11004"
}
},
{
"category": "product_name",
"name": "750-363/xxx-xxx",
"product": {
"name": "750-363/xxx-xxx",
"product_id": "CSAFPID-11005"
}
},
{
"category": "product_name",
"name": "750-364/xxx-xxx",
"product": {
"name": "750-364/xxx-xxx",
"product_id": "CSAFPID-11006"
}
},
{
"category": "product_name",
"name": "750-365/xxx-xxx",
"product": {
"name": "750-365/xxx-xxx",
"product_id": "CSAFPID-11007"
}
},
{
"category": "product_name",
"name": "750-823",
"product": {
"name": "750-823",
"product_id": "CSAFPID-11008"
}
},
{
"category": "product_name",
"name": "750-829",
"product": {
"name": "750-829",
"product_id": "CSAFPID-11009"
}
},
{
"category": "product_name",
"name": "750-831/000-00x",
"product": {
"name": "750-831/000-00x",
"product_id": "CSAFPID-11010"
}
},
{
"category": "product_name",
"name": "750-832/000-00x",
"product": {
"name": "750-832/000-00x",
"product_id": "CSAFPID-11011"
}
},
{
"category": "product_name",
"name": "750-852",
"product": {
"name": "750-852",
"product_id": "CSAFPID-11012"
}
},
{
"category": "product_name",
"name": "750-862",
"product": {
"name": "750-862",
"product_id": "CSAFPID-11013"
}
},
{
"category": "product_name",
"name": "750-880/0xx-xxx",
"product": {
"name": "750-880/0xx-xxx",
"product_id": "CSAFPID-11014"
}
},
{
"category": "product_name",
"name": "750-881",
"product": {
"name": "750-881",
"product_id": "CSAFPID-11015"
}
},
{
"category": "product_name",
"name": "750-882",
"product": {
"name": "750-882",
"product_id": "CSAFPID-11016"
}
},
{
"category": "product_name",
"name": "750-885/0xx-xxx",
"product": {
"name": "750-885/0xx-xxx",
"product_id": "CSAFPID-11017"
}
},
{
"category": "product_name",
"name": "750-889",
"product": {
"name": "750-889",
"product_id": "CSAFPID-11018"
}
},
{
"category": "product_name",
"name": "750-890/0xx-xxx",
"product": {
"name": "750-890/0xx-xxx",
"product_id": "CSAFPID-11019"
}
},
{
"category": "product_name",
"name": "750-891",
"product": {
"name": "750-891",
"product_id": "CSAFPID-11020"
}
},
{
"category": "product_name",
"name": "750-893",
"product": {
"name": "750-893",
"product_id": "CSAFPID-11021"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=FW16",
"product": {
"name": "Firmware \u003c=FW16",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW09",
"product": {
"name": "Firmware \u003c=FW09",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c=FW14",
"product": {
"name": "Firmware \u003c=FW14",
"product_id": "CSAFPID-21003"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "WAGO"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
],
"summary": "Affected products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-331",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-332",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-352/xxx-xxx",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-362/xxx-xxx",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-363/xxx-xxx",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-364/xxx-xxx",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-365/xxx-xxx",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-823",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-829",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW14 installed on 750-831/000-00x",
"product_id": "CSAFPID-31010"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11010"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-832/000-00x",
"product_id": "CSAFPID-31011"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-852",
"product_id": "CSAFPID-31012"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11012"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-862",
"product_id": "CSAFPID-31013"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11013"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-880/0xx-xxx",
"product_id": "CSAFPID-31014"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11014"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-881",
"product_id": "CSAFPID-31015"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11015"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-882",
"product_id": "CSAFPID-31016"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11016"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-885/0xx-xxx",
"product_id": "CSAFPID-31017"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11017"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW16 installed on 750-889",
"product_id": "CSAFPID-31018"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11018"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-890/0xx-xxx",
"product_id": "CSAFPID-31019"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11019"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-891",
"product_id": "CSAFPID-31020"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11020"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=FW09 installed on 750-893",
"product_id": "CSAFPID-31021"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11021"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31344"
},
{
"cve": "CVE-2021-31345",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31345"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31886",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31886"
},
{
"cve": "CVE-2021-31887",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31887"
},
{
"cve": "CVE-2021-31888",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31888"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
},
"remediations": [
{
"category": "mitigation",
"details": "1. Use general security best practices to protect systems from local and network attacks.\n2. Do not allow direct access to the device from untrusted networks.\n3. Update to the latest firmware according to the table in chapter solutions.\n4. Disable the DHCP, DNS and the FTP port 21.\n5. Industrial control systems (ICS) should not be directly accessible from the Internet, but should be protected by consistently applying the defense-in-depth strategy. The BSI provides general information on securing ICS in the ICS Compendium [BSI2013] and on the official BSI website [BSI2021].\n\nFor fieldbus coupler:\n\n- 750-331\n- 750-352/xxx-xxx\n\nFor PLCs:\n\n- 750-829\n- 750-831/xxx-xxx\n- 750-852\n- 750-880/xxx-xxx\n- 750-881\n- 750-889\n\nThe listed fieldbus coupler and PLCs above are based on Nucleus V1 RTOS. At the moment there are no updates for this version available. Due to this reason WAGO recommends according to the recommendations of the BSI to implement the following measures:\n\n1. Enforce segmentation controls and proper network hygiene to reduce the risk of vulnerable devices. Restrict external communication paths and isolate vulnerable devices in zones as a mitigating measure.\n2. Ensure DHCP responses from non-authorized servers are blocked or discarded.\n3. Monitor network traffic for anomalies and discard invalid packets.\n4. Disable or block FTP, DHCP, DNS especially on critical network segments\n5. Please check regularly https://certvde.com/de/ for an update of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "For fieldbus coupler:\n\n- 750-332\n- 750-362/xxx-xxx\n- 750-363/xxx-xxx\n- 750-364/xxx-xxx\n- 750-365/xxx-xxx\n\nFor PLCs:\n\n- 750-823\n- 750-832/xxx-xxx\n- 750-862\n- 750-890/xxx-xxx\n- 750-891\n- 750-893\n\nWe recommend all effected users to update to the firmware version listed below:\n\n| Article Number | Fixed in Firmware Version | Availability |\n|----------------------|----------------------------|---------------------------|\n| 750-823 | \u003e=FW10 | January 2022 |\n| 750-832/000-00x | \u003e=FW10 | After BACnet certification|\n| 750-862 | \u003e=FW10 | January 2022 |\n| 750-890/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-891 | \u003e=FW10 | January 2022 |\n| 750-893 | \u003e=FW10 | January 2022 |\n| 750-332 | \u003e=FW10 | After BACnet certification|\n| 750-362/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-363/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-364/xxx-xxx | \u003e=FW10 | January 2022 |\n| 750-365/xxx-xxx | \u003e=FW10 | January 2022 |\n\n",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010",
"CSAFPID-31011",
"CSAFPID-31012",
"CSAFPID-31013",
"CSAFPID-31014",
"CSAFPID-31015",
"CSAFPID-31016",
"CSAFPID-31017",
"CSAFPID-31018",
"CSAFPID-31019",
"CSAFPID-31020",
"CSAFPID-31021"
]
}
],
"title": "CVE-2021-31890"
}
]
}
VDE-2021-059
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-01-11 07:00 - Updated: 2025-05-22 13:03Summary
PHOENIX CONTACT: BLUEMARK X1 / LED / CLED printers utilizing the Siemens Nucleus RTOS TCP/IP Stack
Notes
Summary: The TCP/IP stack and of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities. Nucleus NET is utilized by BLUEMARK X1 / LED / CLED.
The abovementioned BLUEMARK printers are discontinued and only impacted by a subset of 8 of the 13 discovered vulnerabilities.
Impact: BLUEMARK X1 / LED / CLED printers that are only operated via USB interface are not affected.
In the following, the known security vulnerabilities with the possible effects are described if the BLUEMARK X1 / LED / CLED is operated via network. This means that the effects listed below can only occur if these conditions exist. Please refer to the mitigation section for additional protective measures.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection external link
The DHCP client application assumes that the data supplied with the 'Hostname' DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-ofbound reads, writes, and Denial-of-service conditions.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)
9.1 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
9.1 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
9.1 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)
5.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — |
References
3 references
Acknowledgments
CERT@VDE
certvde.com
Medigate
Yuval Halaban
Uriel Malin
Tal Zohar
Forescout Technologies
Daniel dos Santos
Amine Amri
Stanislav Dashevskyi
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Yuval Halaban",
"Uriel Malin",
"Tal Zohar"
],
"organization": "Medigate",
"summary": "discovering and reporting."
},
{
"names": [
"Daniel dos Santos",
"Amine Amri",
"Stanislav Dashevskyi"
],
"organization": "Forescout Technologies",
"summary": "discovering and reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "The TCP/IP stack and of the networking component (Nucleus NET) in Nucleus Real-Time Operating System (RTOS) contain several vulnerabilities. Nucleus NET is utilized by BLUEMARK X1 / LED / CLED.\n\nThe abovementioned BLUEMARK printers are discontinued and only impacted by a subset of 8 of the 13 discovered vulnerabilities.",
"title": "Summary"
},
{
"category": "description",
"text": "BLUEMARK X1 / LED / CLED printers that are only operated via USB interface are not affected.\n\nIn the following, the known security vulnerabilities with the possible effects are described if the BLUEMARK X1 / LED / CLED is operated via network. This means that the effects listed below can only occur if these conditions exist. Please refer to the mitigation section for additional protective measures.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection external link",
"title": "Mitigation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2021-059: PHOENIX CONTACT: BLUEMARK X1 / LED / CLED printers utilizing the Siemens Nucleus RTOS TCP/IP Stack - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-059"
},
{
"category": "self",
"summary": "VDE-2021-059: PHOENIX CONTACT: BLUEMARK X1 / LED / CLED printers utilizing the Siemens Nucleus RTOS TCP/IP Stack - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2021-059.json"
}
],
"title": "PHOENIX CONTACT: BLUEMARK X1 / LED / CLED printers utilizing the Siemens Nucleus RTOS TCP/IP Stack",
"tracking": {
"aliases": [
"VDE-2021-059"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-03-24T09:06:50.217Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2021-059",
"initial_release_date": "2022-01-11T07:00:00.000Z",
"revision_history": [
{
"date": "2022-01-11T07:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "BLUEMARK CLED",
"product": {
"name": "BLUEMARK CLED",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"5147999"
]
}
}
},
{
"category": "product_name",
"name": "BLUEMARK LED",
"product": {
"name": "BLUEMARK LED",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"5147888"
]
}
}
},
{
"category": "product_name",
"name": "BLUEMARK X1",
"product": {
"name": "BLUEMARK X1",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"5147777"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
],
"summary": "Affected Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on BLUEMARK CLED",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on BLUEMARK LED",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware vers:all/* installed on BLUEMARK X1",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-31884",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"notes": [
{
"category": "description",
"text": "The DHCP client application assumes that the data supplied with the \u0027Hostname\u0027 DHCP option is\nNULL terminated. In cases when global hostname variable is not defined, this may lead to Out-ofbound reads, writes, and Denial-of-service conditions.",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31884"
},
{
"cve": "CVE-2021-31890",
"cwe": {
"id": "CWE-240",
"name": "Improper Handling of Inconsistent Structural Elements"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31890"
},
{
"cve": "CVE-2021-31889",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31889"
},
{
"cve": "CVE-2021-31346",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31346"
},
{
"cve": "CVE-2021-31883",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31883"
},
{
"cve": "CVE-2021-31881",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31881"
},
{
"cve": "CVE-2021-31882",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31882"
},
{
"cve": "CVE-2021-31344",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"title": "Vulnerability Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note: Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003"
]
}
],
"title": "CVE-2021-31344"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…