VAR-202111-1613
Vulnerability from variot - Updated: 2024-10-08 22:03A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-1613",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nucleus readystart v4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.1"
},
{
"model": "apogee modular building controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "talon tc compact",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "apogee pxc compact",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus net",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus source code",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "apogee pxc modular",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "talon tc modular",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "capital vstar",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nucleus readystart v3",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2017.02.1"
},
{
"model": "apogee modular equiment controller",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
}
],
"trust": 0.6
},
"cve": "CVE-2021-31344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-31344",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-31344",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-31344",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2021-31344",
"trust": 1.0,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-855",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
},
{
"db": "NVD",
"id": "CVE-2021-31344"
},
{
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31344"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31344",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-620288",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-044112",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-845392",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-223353",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-114589",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-313-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-315-07",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-013-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-069-02",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121648",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011803",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3874",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4289",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3833",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-855",
"trust": 0.6
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
},
{
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"id": "VAR-202111-1613",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.544069276
},
"last_update_date": "2024-10-08T22:03:22.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Siemens Nucleus ReadyStart Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178543"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"trust": 1.0,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111003"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3833"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3874"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31344"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4289"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011803"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121648"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031013"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
},
{
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
},
{
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-855"
},
{
"date": "2021-11-09T12:15:09.087000",
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-855"
},
{
"date": "2024-10-08T09:15:03.490000",
"db": "NVD",
"id": "CVE-2021-31344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Nucleus ReadyStart Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-855"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…