Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2021-31889
Vulnerability from cvelistv5
Published
2021-11-09 11:32
Modified
2025-03-11 09:47
Severity ?
EPSS score ?
0.71%
(0.71057)
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Siemens | Capital Embedded AR Classic 431-422 |
Version: 0 < * |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.703Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Capital Embedded AR Classic 431-422", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Capital Embedded AR Classic R20-11", vendor: "Siemens", versions: [ { lessThan: "V2303", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "PLUSCONTROL 1st Gen", vendor: "Siemens", versions: [ { status: "affected", version: "All versions", }, ], }, { defaultStatus: "unknown", product: "SIMOTICS CONNECT 400", vendor: "Siemens", versions: [ { status: "affected", version: "All versions < V0.5.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T09:47:45.226Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-114589.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-044112.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-620288.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-845392.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-223353.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2021-31889", datePublished: "2021-11-09T11:32:01", dateReserved: "2021-04-29T00:00:00", dateUpdated: "2025-03-11T09:47:45.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-31889\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-11-09T12:15:09.693\",\"lastModified\":\"2024-11-21T06:06:26.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5. 4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet habilitadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22. 1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02. 4), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). Los paquetes TCP malformados con una opción SACK corrupta provocan fugas de información y condiciones de denegación de servicio. (FSMD-2021-0015)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A987CFB-4A41-4F82-8C7F-31DE8F0650DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2017.02.3\",\"matchCriteriaId\":\"EC33F30E-EEA1-452E-8EFE-28ADA88E3F56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DAF9C3-B56A-4F40-B90B-D0DE96869A44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FAD4D8-54FA-4721-954E-4AD77020B189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F978E7-3DD9-4948-BFFB-E7273003477B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACCB699F-4F10-47BD-8890-047380972BE1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7945BF7D-AB3A-4285-9C58-D56149ADFC15\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"105A6FFB-1176-4021-868D-3D6CE77113B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BE40AF-B7A4-498A-943E-11AA9393A3D6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CA14719-C655-4BED-AE8D-B9C983847AE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3470FD-BEBE-465F-A189-F4CEDD0F6815\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60FAD4D8-54FA-4721-954E-4AD77020B189\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F978E7-3DD9-4948-BFFB-E7273003477B\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-044112.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-114589.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-223353.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-620288.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-845392.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
ICSA-21-315-07
Vulnerability from csaf_cisa
Published
2021-11-11 00:00
Modified
2022-05-12 00:00
Summary
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow denial-of-service conditions, remote code execution, information leaks, and out-of-bounds reads and writes.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could allow denial-of-service conditions, remote code execution, information leaks, and out-of-bounds reads and writes.", title: "Risk evaluation", }, { category: "other", text: "Critical Manufacturing", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json", }, { category: "self", summary: "ICS Advisory ICSA-21-315-07 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-315-07.json", }, { category: "self", summary: "ICS Advisory ICSA-21-315-07 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07", }, { category: "external", summary: "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { category: "external", summary: "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt", }, ], title: "Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)", tracking: { current_release_date: "2022-05-12T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-315-07", initial_release_date: "2021-11-11T00:00:00.000000Z", revision_history: [ { date: "2021-11-11T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON", }, { date: "2021-12-16T00:00:00.000000Z", legacy_version: "A", number: "2", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON (Update A)", }, { date: "2022-04-14T00:00:00.000000Z", legacy_version: "B", number: "3", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON (Update B)", }, { date: "2022-05-12T00:00:00.000000Z", legacy_version: "C", number: "4", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON (Update C)", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MBC (PPC) (BACnet)", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "APOGEE MBC (PPC) (BACnet)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MBC (PPC) (P2 Ethernet)", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "APOGEE MBC (PPC) (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MEC (PPC) (BACnet)", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "APOGEE MEC (PPC) (BACnet)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MEC (PPC) (P2 Ethernet)", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "APOGEE MEC (PPC) (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "APOGEE PXC Compact (BACnet)", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "APOGEE PXC Compact (BACnet)", }, { branches: [ { category: "product_version_range", name: "< V2.8.19", product: { name: "APOGEE PXC Compact (P2 Ethernet)", product_id: "CSAFPID-0006", }, }, ], category: "product_name", name: "APOGEE PXC Compact (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "APOGEE PXC Modular (BACnet)", product_id: "CSAFPID-0007", }, }, ], category: "product_name", name: "APOGEE PXC Modular (BACnet)", }, { branches: [ { category: "product_version_range", name: "< V2.8.19", product: { name: "APOGEE PXC Modular (P2 Ethernet)", product_id: "CSAFPID-0008", }, }, ], category: "product_name", name: "APOGEE PXC Modular (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC00-E.D", product_id: "CSAFPID-0009", }, }, ], category: "product_name", name: "Desigo PXC00-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC00-U", product_id: "CSAFPID-00010", }, }, ], category: "product_name", name: "Desigo PXC00-U", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC001-E.D", product_id: "CSAFPID-00011", }, }, ], category: "product_name", name: "Desigo PXC001-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC12-E.D", product_id: "CSAFPID-00012", }, }, ], category: "product_name", name: "Desigo PXC12-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC22-E.D", product_id: "CSAFPID-00013", }, }, ], category: "product_name", name: "Desigo PXC22-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC22.1-E.D", product_id: "CSAFPID-00014", }, }, ], category: "product_name", name: "Desigo PXC22.1-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC36.1-E.D", product_id: "CSAFPID-00015", }, }, ], category: "product_name", name: "Desigo PXC36.1-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC50-E.D", product_id: "CSAFPID-00016", }, }, ], category: "product_name", name: "Desigo PXC50-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC64-U", product_id: "CSAFPID-00017", }, }, ], category: "product_name", name: "Desigo PXC64-U", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC100-E.D", product_id: "CSAFPID-00018", }, }, ], category: "product_name", name: "Desigo PXC100-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC128-U", product_id: "CSAFPID-00019", }, }, ], category: "product_name", name: "Desigo PXC128-U", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC200-E.D", product_id: "CSAFPID-00020", }, }, ], category: "product_name", name: "Desigo PXC200-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXM20-E", product_id: "CSAFPID-00021", }, }, ], category: "product_name", name: "Desigo PXM20-E", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "TALON TC Compact (BACnet)", product_id: "CSAFPID-00022", }, }, ], category: "product_name", name: "TALON TC Compact (BACnet)", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "TALON TC Modular (BACnet)", product_id: "CSAFPID-00023", }, }, ], category: "product_name", name: "TALON TC Modular (BACnet)", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004). CVE-2021-31344 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31344 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006). CVE-2021-31345 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31345 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007). CVE-2021-31346 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31346 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008). CVE-2021-31881 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31881 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31881", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011). CVE-2021-31882 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31882 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31882", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013). CVE-2021-31883 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31883 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31884", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014). CVE-2021-31884 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31884 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31884", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31884", }, { cve: "CVE-2021-31885", cwe: { id: "CWE-805", name: "Buffer Access with Incorrect Length Value", }, notes: [ { category: "summary", text: "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009). CVE-2021-31885 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31885 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31885", }, { cve: "CVE-2021-31886", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010). CVE-2021-31886 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31886 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31886", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31886", }, { cve: "CVE-2021-31887", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016). CVE-2021-31887 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31887 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31887", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31887", }, { cve: "CVE-2021-31888", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018). CVE-2021-31888 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31888 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31888", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31888", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015). CVE-2021-31889 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31889 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017). CVE-2021-31890 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31890 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31890", }, ], }
ICSA-22-069-02
Vulnerability from csaf_cisa
Published
2022-03-10 00:00
Modified
2022-03-10 00:00
Summary
Siemens SIMOTICS CONNECT 400
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could lead to information leaks or a denial-of-service condition.
Critical infrastructure sectors
Energy
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could lead to information leaks or a denial-of-service condition.", title: "Risk evaluation", }, { category: "other", text: "Energy", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-223353.json", }, { category: "self", summary: "ICS Advisory ICSA-22-069-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-069-02.json", }, { category: "self", summary: "ICS Advisory ICSA-22-069-02 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-02", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { category: "external", summary: "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-223353.txt", }, ], title: "Siemens SIMOTICS CONNECT 400", tracking: { current_release_date: "2022-03-10T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-22-069-02", initial_release_date: "2022-03-10T00:00:00.000000Z", revision_history: [ { date: "2022-03-10T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-22-069-02 Siemens SIMOTICS CONNECT 400", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "< V0.5.0.0", product: { name: "SIMOTICS CONNECT 400", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "SIMOTICS CONNECT 400", }, { branches: [ { category: "product_version_range", name: "< V1.0.0.0", product: { name: "SIMOTICS CONNECT 400", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "SIMOTICS CONNECT 400", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, references: [ { summary: "CVE-2021-31344 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31344 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "vendor_fix", details: "Update to V1.0.0.0 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, references: [ { summary: "CVE-2021-31346 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31346 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "vendor_fix", details: "Update to V1.0.0.0 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31889 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, references: [ { summary: "CVE-2021-31890 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31890 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "vendor_fix", details: "Update to V1.0.0.0 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2021-31890", }, ], }
ICSA-21-350-06
Vulnerability from csaf_cisa
Published
2021-12-16 00:00
Modified
2021-12-16 00:00
Summary
Siemens Capital VSTAR
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could be leveraged by an attacker to initiate a crash, information leak, denial-of-service conditions, or remote code execution.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could be leveraged by an attacker to initiate a crash, information leak, denial-of-service conditions, or remote code execution.", title: "Risk evaluation", }, { category: "other", text: "Critical Manufacturing", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json", }, { category: "self", summary: "ICS Advisory ICSA-21-350-06 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-06.json", }, { category: "self", summary: "ICS Advisory ICSA-21-350-06 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-06", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { category: "external", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-620288.txt", }, ], title: "Siemens Capital VSTAR", tracking: { current_release_date: "2021-12-16T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-350-06", initial_release_date: "2021-12-16T00:00:00.000000Z", revision_history: [ { date: "2021-12-16T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-350-06 Siemens CAPITAL VSTAR", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "All versions with enabled Ethernet options", product: { name: "Capital VSTAR", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Capital VSTAR", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004). CVE-2021-31344 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "CSAFPID-0001", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006). CVE-2021-31345 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007). CVE-2021-31346 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008). CVE-2021-31881 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31881", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "CSAFPID-0001", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011). CVE-2021-31882 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31882", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013). CVE-2021-31883 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015). CVE-2021-31889 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017). CVE-2021-31890 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31890", }, ], }
ICSA-21-313-03
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2021-11-09 00:00
Summary
Siemens Nucleus RTOS TCP/IP Stack
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow an information leakage, or remote code execution.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { names: [ "Daniel dos Santos", "Stanislav Dashevskyi", "Amine Amri", ], organization: "Forescout Research Labs", summary: "reporting these vulnerabilities to CISA", }, { names: [ "Uriel Malin", "Tal Zohar", ], organization: "Medigate", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow an information leakage, or remote code execution.", title: "Risk evaluation", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json", }, { category: "self", summary: "ICS Advisory ICSA-21-313-03 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-03.json", }, { category: "self", summary: "ICS Advisory ICSA-21-313-03 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { category: "external", summary: "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt", }, ], title: "Siemens Nucleus RTOS TCP/IP Stack", tracking: { current_release_date: "2021-11-09T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-313-03", initial_release_date: "2021-11-09T00:00:00.000000Z", revision_history: [ { date: "2021-11-09T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-313-03 Siemens Nucleus RTOS TCP-IP Stack ", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Nucleus NET", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Nucleus NET", }, { branches: [ { category: "product_version_range", name: "< V2017.02.4", product: { name: "Nucleus ReadyStart V3", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "Nucleus ReadyStart V3", }, { branches: [ { category: "product_version_range", name: "< V4.1.1", product: { name: "Nucleus ReadyStart V4", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "Nucleus ReadyStart V4", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Nucleus Source Code", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "Nucleus Source Code", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31344 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31344 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31345 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31345 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31346 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31346 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31881 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31881 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31881", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31882 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31882 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31882", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31883 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31883 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31884", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31884 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31884 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31884", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31884", }, { cve: "CVE-2021-31885", cwe: { id: "CWE-805", name: "Buffer Access with Incorrect Length Value", }, notes: [ { category: "summary", text: "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31885 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31885 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31885 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31885", }, { cve: "CVE-2021-31886", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31886 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31886 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31886", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31886", }, { cve: "CVE-2021-31887", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31887 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31887 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31887", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31887", }, { cve: "CVE-2021-31888", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31888 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31888 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31888", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31888", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31889 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31890 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31890 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31890", }, ], }
icsa-21-313-03
Vulnerability from csaf_cisa
Published
2021-11-09 00:00
Modified
2021-11-09 00:00
Summary
Siemens Nucleus RTOS TCP/IP Stack
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow an information leakage, or remote code execution.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { names: [ "Daniel dos Santos", "Stanislav Dashevskyi", "Amine Amri", ], organization: "Forescout Research Labs", summary: "reporting these vulnerabilities to CISA", }, { names: [ "Uriel Malin", "Tal Zohar", ], organization: "Medigate", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow an information leakage, or remote code execution.", title: "Risk evaluation", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-044112.json", }, { category: "self", summary: "ICS Advisory ICSA-21-313-03 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-313-03.json", }, { category: "self", summary: "ICS Advisory ICSA-21-313-03 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { category: "external", summary: "SSA-044112: Multiple Vulnerabilities (NUCLEUS:13) in the TCP/IP Stack of Nucleus RTOS - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-044112.txt", }, ], title: "Siemens Nucleus RTOS TCP/IP Stack", tracking: { current_release_date: "2021-11-09T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-313-03", initial_release_date: "2021-11-09T00:00:00.000000Z", revision_history: [ { date: "2021-11-09T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-313-03 Siemens Nucleus RTOS TCP-IP Stack ", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Nucleus NET", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Nucleus NET", }, { branches: [ { category: "product_version_range", name: "< V2017.02.4", product: { name: "Nucleus ReadyStart V3", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "Nucleus ReadyStart V3", }, { branches: [ { category: "product_version_range", name: "< V4.1.1", product: { name: "Nucleus ReadyStart V4", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "Nucleus ReadyStart V4", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Nucleus Source Code", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "Nucleus Source Code", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31344 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31344 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31345 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31345 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31346 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31346 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31881 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31881 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31881", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31882 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31882 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31882", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31883 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31883 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31884", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31884 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31884 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31884", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31884", }, { cve: "CVE-2021-31885", cwe: { id: "CWE-805", name: "Buffer Access with Incorrect Length Value", }, notes: [ { category: "summary", text: "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31885 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31885 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31885 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31885", }, { cve: "CVE-2021-31886", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31886 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31886 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31886", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31886", }, { cve: "CVE-2021-31887", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31887 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31887 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31887", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31887", }, { cve: "CVE-2021-31888", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31888 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31888 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31888", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31888", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31889 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0004", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, references: [ { summary: "CVE-2021-31890 - Nucleus ReadyStart V3", url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { summary: "CVE-2021-31890 - Nucleus ReadyStart V4", url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "Update to the latest version of Nucleus ReadyStart V3 or V4", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Contact customer support or your local Nucleus Sales team for mitigation advice", product_ids: [ "CSAFPID-0001", ], }, { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "vendor_fix", details: "Update to V2017.02.4 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.sw.siemens.com/en-US/product/1009925838/", }, { category: "vendor_fix", details: "Update to V4.1.1 or later version", product_ids: [ "CSAFPID-0003", ], url: "https://support.sw.siemens.com/en-US/product/1336134128/", }, { category: "vendor_fix", details: "Contact customer support to receive patch and update information", product_ids: [ "CSAFPID-0004", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\n\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, ], title: "CVE-2021-31890", }, ], }
ICSA-22-013-03
Vulnerability from csaf_cisa
Published
2022-01-13 00:00
Modified
2022-01-13 00:00
Summary
Siemens Energy PLUSCONTROL
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could result in access to TFTP memory buffer contents, information leaks, and denial-of-service conditions.
Critical infrastructure sectors
Multiple Sectors
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could result in access to TFTP memory buffer contents, information leaks, and denial-of-service conditions.", title: "Risk evaluation", }, { category: "other", text: "Multiple Sectors", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-845392.json", }, { category: "self", summary: "ICS Advisory ICSA-22-013-03 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-013-03.json", }, { category: "self", summary: "ICS Advisory ICSA-22-013-03 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-22-013-03", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { category: "external", summary: "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-845392.txt", }, ], title: "Siemens Energy PLUSCONTROL", tracking: { current_release_date: "2022-01-13T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-22-013-03", initial_release_date: "2022-01-13T00:00:00.000000Z", revision_history: [ { date: "2022-01-13T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-22-013-03 Siemens Energy PLUSCONTROL", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "PLUSCONTROL 1st Gen", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "PLUSCONTROL 1st Gen", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31345 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31885", cwe: { id: "CWE-805", name: "Buffer Access with Incorrect Length Value", }, notes: [ { category: "summary", text: "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31885 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31885", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31890", }, ], }
icsa-22-013-03
Vulnerability from csaf_cisa
Published
2022-01-13 00:00
Modified
2022-01-13 00:00
Summary
Siemens Energy PLUSCONTROL
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could result in access to TFTP memory buffer contents, information leaks, and denial-of-service conditions.
Critical infrastructure sectors
Multiple Sectors
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could result in access to TFTP memory buffer contents, information leaks, and denial-of-service conditions.", title: "Risk evaluation", }, { category: "other", text: "Multiple Sectors", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-845392.json", }, { category: "self", summary: "ICS Advisory ICSA-22-013-03 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-013-03.json", }, { category: "self", summary: "ICS Advisory ICSA-22-013-03 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-22-013-03", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { category: "external", summary: "SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-845392.txt", }, ], title: "Siemens Energy PLUSCONTROL", tracking: { current_release_date: "2022-01-13T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-22-013-03", initial_release_date: "2022-01-13T00:00:00.000000Z", revision_history: [ { date: "2022-01-13T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-22-013-03 Siemens Energy PLUSCONTROL", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "PLUSCONTROL 1st Gen", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "PLUSCONTROL 1st Gen", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31345 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31885", cwe: { id: "CWE-805", name: "Buffer Access with Incorrect Length Value", }, notes: [ { category: "summary", text: "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31885 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31885", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no remediation is planned", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "PLUSCONTROL devices are typically located in a separate LAN segment of energy transmission solutions, where an attacker could use these vulnerabilities to disrupt SER messages or Trace functionalities. Therefore, review the status of the defense in depth recommendations that apply to your specific deployment and align as needed. Especially the measures on the network layer to prevent accessibility from other network segments.", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.\n\nSiemens Energy strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens Energy strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.\n\nAs a general security measure Siemens Energy strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31890", }, ], }
icsa-21-350-06
Vulnerability from csaf_cisa
Published
2021-12-16 00:00
Modified
2021-12-16 00:00
Summary
Siemens Capital VSTAR
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could be leveraged by an attacker to initiate a crash, information leak, denial-of-service conditions, or remote code execution.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could be leveraged by an attacker to initiate a crash, information leak, denial-of-service conditions, or remote code execution.", title: "Risk evaluation", }, { category: "other", text: "Critical Manufacturing", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json", }, { category: "self", summary: "ICS Advisory ICSA-21-350-06 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-350-06.json", }, { category: "self", summary: "ICS Advisory ICSA-21-350-06 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-350-06", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { category: "external", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in CAPITAL VSTAR - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-620288.txt", }, ], title: "Siemens Capital VSTAR", tracking: { current_release_date: "2021-12-16T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-350-06", initial_release_date: "2021-12-16T00:00:00.000000Z", revision_history: [ { date: "2021-12-16T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-350-06 Siemens CAPITAL VSTAR", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "All versions with enabled Ethernet options", product: { name: "Capital VSTAR", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "Capital VSTAR", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004). CVE-2021-31344 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "CSAFPID-0001", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006). CVE-2021-31345 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007). CVE-2021-31346 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008). CVE-2021-31881 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31881", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "CSAFPID-0001", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011). CVE-2021-31882 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31882", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013). CVE-2021-31883 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015). CVE-2021-31889 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017). CVE-2021-31890 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "none_available", details: "Currently no fix is available", product_ids: [ "CSAFPID-0001", ], }, { category: "mitigation", details: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31890", }, ], }
icsa-21-315-07
Vulnerability from csaf_cisa
Published
2021-11-11 00:00
Modified
2022-05-12 00:00
Summary
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow denial-of-service conditions, remote code execution, information leaks, and out-of-bounds reads and writes.
Critical infrastructure sectors
Critical Manufacturing
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could allow denial-of-service conditions, remote code execution, information leaks, and out-of-bounds reads and writes.", title: "Risk evaluation", }, { category: "other", text: "Critical Manufacturing", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json", }, { category: "self", summary: "ICS Advisory ICSA-21-315-07 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-315-07.json", }, { category: "self", summary: "ICS Advisory ICSA-21-315-07 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07", }, { category: "external", summary: "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { category: "external", summary: "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt", }, ], title: "Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)", tracking: { current_release_date: "2022-05-12T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-21-315-07", initial_release_date: "2021-11-11T00:00:00.000000Z", revision_history: [ { date: "2021-11-11T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON", }, { date: "2021-12-16T00:00:00.000000Z", legacy_version: "A", number: "2", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON (Update A)", }, { date: "2022-04-14T00:00:00.000000Z", legacy_version: "B", number: "3", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON (Update B)", }, { date: "2022-05-12T00:00:00.000000Z", legacy_version: "C", number: "4", summary: "ICSA-21-315-07 Siemens Nucleus RTOS-based APOGEE and TALON (Update C)", }, ], status: "final", version: "4", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MBC (PPC) (BACnet)", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "APOGEE MBC (PPC) (BACnet)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MBC (PPC) (P2 Ethernet)", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "APOGEE MBC (PPC) (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MEC (PPC) (BACnet)", product_id: "CSAFPID-0003", }, }, ], category: "product_name", name: "APOGEE MEC (PPC) (BACnet)", }, { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "APOGEE MEC (PPC) (P2 Ethernet)", product_id: "CSAFPID-0004", }, }, ], category: "product_name", name: "APOGEE MEC (PPC) (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "APOGEE PXC Compact (BACnet)", product_id: "CSAFPID-0005", }, }, ], category: "product_name", name: "APOGEE PXC Compact (BACnet)", }, { branches: [ { category: "product_version_range", name: "< V2.8.19", product: { name: "APOGEE PXC Compact (P2 Ethernet)", product_id: "CSAFPID-0006", }, }, ], category: "product_name", name: "APOGEE PXC Compact (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "APOGEE PXC Modular (BACnet)", product_id: "CSAFPID-0007", }, }, ], category: "product_name", name: "APOGEE PXC Modular (BACnet)", }, { branches: [ { category: "product_version_range", name: "< V2.8.19", product: { name: "APOGEE PXC Modular (P2 Ethernet)", product_id: "CSAFPID-0008", }, }, ], category: "product_name", name: "APOGEE PXC Modular (P2 Ethernet)", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC00-E.D", product_id: "CSAFPID-0009", }, }, ], category: "product_name", name: "Desigo PXC00-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC00-U", product_id: "CSAFPID-00010", }, }, ], category: "product_name", name: "Desigo PXC00-U", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC001-E.D", product_id: "CSAFPID-00011", }, }, ], category: "product_name", name: "Desigo PXC001-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC12-E.D", product_id: "CSAFPID-00012", }, }, ], category: "product_name", name: "Desigo PXC12-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC22-E.D", product_id: "CSAFPID-00013", }, }, ], category: "product_name", name: "Desigo PXC22-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC22.1-E.D", product_id: "CSAFPID-00014", }, }, ], category: "product_name", name: "Desigo PXC22.1-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC36.1-E.D", product_id: "CSAFPID-00015", }, }, ], category: "product_name", name: "Desigo PXC36.1-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC50-E.D", product_id: "CSAFPID-00016", }, }, ], category: "product_name", name: "Desigo PXC50-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC64-U", product_id: "CSAFPID-00017", }, }, ], category: "product_name", name: "Desigo PXC64-U", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC100-E.D", product_id: "CSAFPID-00018", }, }, ], category: "product_name", name: "Desigo PXC100-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC128-U", product_id: "CSAFPID-00019", }, }, ], category: "product_name", name: "Desigo PXC128-U", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXC200-E.D", product_id: "CSAFPID-00020", }, }, ], category: "product_name", name: "Desigo PXC200-E.D", }, { branches: [ { category: "product_version_range", name: ">= V2.3 and < V6.30.016", product: { name: "Desigo PXM20-E", product_id: "CSAFPID-00021", }, }, ], category: "product_name", name: "Desigo PXM20-E", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "TALON TC Compact (BACnet)", product_id: "CSAFPID-00022", }, }, ], category: "product_name", name: "TALON TC Compact (BACnet)", }, { branches: [ { category: "product_version_range", name: "< V3.5.4", product: { name: "TALON TC Modular (BACnet)", product_id: "CSAFPID-00023", }, }, ], category: "product_name", name: "TALON TC Modular (BACnet)", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004). CVE-2021-31344 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31344 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006). CVE-2021-31345 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31345 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31345 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31345", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007). CVE-2021-31346 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31346 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008). CVE-2021-31881 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31881 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31881 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31881", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011). CVE-2021-31882 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31882 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31882 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31882", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013). CVE-2021-31883 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31883 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31883 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31883", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31884", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014). CVE-2021-31884 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31884 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31884 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31884", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31884", }, { cve: "CVE-2021-31885", cwe: { id: "CWE-805", name: "Buffer Access with Incorrect Length Value", }, notes: [ { category: "summary", text: "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009). CVE-2021-31885 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31885 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31885 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31885", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31885", }, { cve: "CVE-2021-31886", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010). CVE-2021-31886 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31886 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31886 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31886", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31886", }, { cve: "CVE-2021-31887", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016). CVE-2021-31887 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31887 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31887 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31887", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31887", }, { cve: "CVE-2021-31888", cwe: { id: "CWE-170", name: "Improper Null Termination", }, notes: [ { category: "summary", text: "FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018). CVE-2021-31888 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31888 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31888 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31888", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31888", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015). CVE-2021-31889 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31889 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017). CVE-2021-31890 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, references: [ { summary: "CVE-2021-31890 - Desigo PXC00-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC00-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC001-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC12-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC22-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC22.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC36.1-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC50-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC64-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC100-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC128-U", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXC200-E.D", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 - Desigo PXM20-E", url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "no_fix_planned", details: "Currently no fix is planned", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", ], }, { category: "vendor_fix", details: "Update to V3.5.4 or later version", product_ids: [ "CSAFPID-0005", "CSAFPID-0007", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "vendor_fix", details: "Update to V2.8.19 or later version", product_ids: [ "CSAFPID-0006", "CSAFPID-0008", ], }, { category: "vendor_fix", details: "Update to V6.30.016 or later version", product_ids: [ "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109810577", }, { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009", "CSAFPID-00010", "CSAFPID-00011", "CSAFPID-00012", "CSAFPID-00013", "CSAFPID-00014", "CSAFPID-00015", "CSAFPID-00016", "CSAFPID-00017", "CSAFPID-00018", "CSAFPID-00019", "CSAFPID-00020", "CSAFPID-00021", "CSAFPID-00022", "CSAFPID-00023", ], }, ], title: "CVE-2021-31890", }, ], }
icsa-22-069-02
Vulnerability from csaf_cisa
Published
2022-03-10 00:00
Modified
2022-03-10 00:00
Summary
Siemens SIMOTICS CONNECT 400
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could lead to information leaks or a denial-of-service condition.
Critical infrastructure sectors
Energy
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Exploitability
No known public exploits specifically target these vulnerabilities.
{ document: { acknowledgments: [ { organization: "Siemens", summary: "reporting these vulnerabilities to CISA", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en-US", notes: [ { category: "general", text: "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", title: "CISA Disclaimer", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "summary", text: "Successful exploitation of these vulnerabilities could lead to information leaks or a denial-of-service condition.", title: "Risk evaluation", }, { category: "other", text: "Energy", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "other", text: "No known public exploits specifically target these vulnerabilities.", title: "Exploitability", }, ], publisher: { category: "coordinator", contact_details: "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "external", summary: "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-223353.json", }, { category: "self", summary: "ICS Advisory ICSA-22-069-02 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-069-02.json", }, { category: "self", summary: "ICS Advisory ICSA-22-069-02 Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-22-069-02", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, { category: "external", summary: "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { category: "external", summary: "SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-223353.txt", }, ], title: "Siemens SIMOTICS CONNECT 400", tracking: { current_release_date: "2022-03-10T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-22-069-02", initial_release_date: "2022-03-10T00:00:00.000000Z", revision_history: [ { date: "2022-03-10T00:00:00.000000Z", legacy_version: "Initial", number: "1", summary: "ICSA-22-069-02 Siemens SIMOTICS CONNECT 400", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "< V0.5.0.0", product: { name: "SIMOTICS CONNECT 400", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "SIMOTICS CONNECT 400", }, { branches: [ { category: "product_version_range", name: "< V1.0.0.0", product: { name: "SIMOTICS CONNECT 400", product_id: "CSAFPID-0002", }, }, ], category: "product_name", name: "SIMOTICS CONNECT 400", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, references: [ { summary: "CVE-2021-31344 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31344 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31344 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31344", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "vendor_fix", details: "Update to V1.0.0.0 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, references: [ { summary: "CVE-2021-31346 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31346 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31346 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31346", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "vendor_fix", details: "Update to V1.0.0.0 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, references: [ { summary: "CVE-2021-31889 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31889 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31889", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", "CSAFPID-0002", ], }, references: [ { summary: "CVE-2021-31890 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31890 - SIMOTICS CONNECT 400", url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { summary: "CVE-2021-31890 Mitre 5.0 json", url: "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json", }, { category: "external", summary: "web.nvd.nist.gov", url: "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31890", }, { category: "external", summary: "www.first.org", url: "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }, ], remediations: [ { category: "vendor_fix", details: "Update to V0.5.0.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "vendor_fix", details: "Update to V1.0.0.0 or later version", product_ids: [ "CSAFPID-0002", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109778383/", }, { category: "mitigation", details: "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.", product_ids: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", "CSAFPID-0002", ], }, ], title: "CVE-2021-31890", }, ], }
ssa-620288
Vulnerability from csaf_siemens
Published
2021-12-14 00:00
Modified
2024-10-08 00:00
Summary
SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:
https://cert-portal.siemens.com/productcert/html/ssa-044112.html.
Capital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.
Siemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited. (TLPv2: TLP:CLEAR)", tlp: { label: "WHITE", }, }, lang: "en", notes: [ { category: "summary", text: "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: \nhttps://cert-portal.siemens.com/productcert/html/ssa-044112.html.\nCapital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.\n\nSiemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "productcert@siemens.com", name: "Siemens ProductCERT", namespace: "https://www.siemens.com", }, references: [ { category: "self", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-620288.html", }, { category: "self", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json", }, ], title: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic", tracking: { current_release_date: "2024-10-08T00:00:00Z", generator: { engine: { name: "Siemens ProductCERT CSAF Generator", version: "1", }, }, id: "SSA-620288", initial_release_date: "2021-12-14T00:00:00Z", revision_history: [ { date: "2021-12-14T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2022-11-08T00:00:00Z", legacy_version: "1.1", number: "2", summary: "Removed CVE-2021-31884 as Capital VSTAR is not affected", }, { date: "2024-10-08T00:00:00Z", legacy_version: "1.2", number: "3", summary: "Renamed Capital VSTAR to Capital Embedded AR Classic; added fix for version line R20-11", }, ], status: "interim", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Capital Embedded AR Classic 431-422", product_id: "1", }, }, ], category: "product_name", name: "Capital Embedded AR Classic 431-422", }, { branches: [ { category: "product_version_range", name: "vers:all/<V2303", product: { name: "Capital Embedded AR Classic R20-11", product_id: "2", }, }, ], category: "product_name", name: "Capital Embedded AR Classic R20-11", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31890", }, ], }
SSA-620288
Vulnerability from csaf_siemens
Published
2021-12-14 00:00
Modified
2024-10-08 00:00
Summary
SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic
Notes
Summary
Multiple vulnerabilities (also known as "NUCLEUS:13") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112:
https://cert-portal.siemens.com/productcert/html/ssa-044112.html.
Capital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.
Siemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited. (TLPv2: TLP:CLEAR)", tlp: { label: "WHITE", }, }, lang: "en", notes: [ { category: "summary", text: "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have be identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: \nhttps://cert-portal.siemens.com/productcert/html/ssa-044112.html.\nCapital Embedded AR Classic uses an affected version of the Nucleus software and inherently contains several of these vulnerabilities.\n\nSiemens has released a new version for Capital Embedded AR Classic R20-11 and recommends to update to the latest version. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "productcert@siemens.com", name: "Siemens ProductCERT", namespace: "https://www.siemens.com", }, references: [ { category: "self", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-620288.html", }, { category: "self", summary: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-620288.json", }, ], title: "SSA-620288: Multiple Vulnerabilities (NUCLEUS:13) in Capital Embedded AR Classic", tracking: { current_release_date: "2024-10-08T00:00:00Z", generator: { engine: { name: "Siemens ProductCERT CSAF Generator", version: "1", }, }, id: "SSA-620288", initial_release_date: "2021-12-14T00:00:00Z", revision_history: [ { date: "2021-12-14T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2022-11-08T00:00:00Z", legacy_version: "1.1", number: "2", summary: "Removed CVE-2021-31884 as Capital VSTAR is not affected", }, { date: "2024-10-08T00:00:00Z", legacy_version: "1.2", number: "3", summary: "Renamed Capital VSTAR to Capital Embedded AR Classic; added fix for version line R20-11", }, ], status: "interim", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:all/*", product: { name: "Capital Embedded AR Classic 431-422", product_id: "1", }, }, ], category: "product_name", name: "Capital Embedded AR Classic 431-422", }, { branches: [ { category: "product_version_range", name: "vers:all/<V2303", product: { name: "Capital Embedded AR Classic R20-11", product_id: "2", }, }, ], category: "product_name", name: "Capital Embedded AR Classic R20-11", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2021-31344", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31344", }, { cve: "CVE-2021-31345", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31345", }, { cve: "CVE-2021-31346", cwe: { id: "CWE-1284", name: "Improper Validation of Specified Quantity in Input", }, notes: [ { category: "summary", text: "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31346", }, { cve: "CVE-2021-31881", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31881", }, { cve: "CVE-2021-31882", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31882", }, { cve: "CVE-2021-31883", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883: Disable DHCP client functionality, if feature not used, by deselecting the TcpIpIpV4General/TcpIpDhcpClientEnabled Pre-Compile configuration option", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31883", }, { cve: "CVE-2021-31889", cwe: { id: "CWE-191", name: "Integer Underflow (Wrap or Wraparound)", }, notes: [ { category: "summary", text: "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31889", }, { cve: "CVE-2021-31890", cwe: { id: "CWE-240", name: "Improper Handling of Inconsistent Structural Elements", }, notes: [ { category: "summary", text: "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", title: "Summary", }, ], product_status: { known_affected: [ "1", "2", ], }, remediations: [ { category: "mitigation", details: "CVE-2021-31344, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890: Apply network segmentation and put the ECUs behind properly configured gateways/firewalls", product_ids: [ "1", "2", ], }, { category: "none_available", details: "Currently no fix is available", product_ids: [ "1", ], }, { category: "vendor_fix", details: "Update to V2303 or later version", product_ids: [ "2", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", "2", ], }, ], title: "CVE-2021-31890", }, ], }
gsd-2021-31889
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
Aliases
Aliases
{ GSD: { alias: "CVE-2021-31889", description: "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", id: "GSD-2021-31889", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-31889", ], details: "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", id: "GSD-2021-31889", modified: "2023-12-13T01:23:13.508015Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-31889", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "APOGEE MBC (PPC) (BACnet)", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "APOGEE MBC (PPC) (P2 Ethernet)", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "APOGEE MEC (PPC) (BACnet)", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "APOGEE MEC (PPC) (P2 Ethernet)", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "APOGEE PXC Compact (BACnet)", version: { version_data: [ { version_value: "All versions < V3.5.4", }, ], }, }, { product_name: "APOGEE PXC Compact (P2 Ethernet)", version: { version_data: [ { version_value: "All versions < V2.8.19", }, ], }, }, { product_name: "APOGEE PXC Modular (BACnet)", version: { version_data: [ { version_value: "All versions < V3.5.4", }, ], }, }, { product_name: "APOGEE PXC Modular (P2 Ethernet)", version: { version_data: [ { version_value: "All versions < V2.8.19", }, ], }, }, { product_name: "Capital VSTAR", version: { version_data: [ { version_value: "All versions with enabled Ethernet options", }, ], }, }, { product_name: "Desigo PXC00-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC00-U", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC001-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC100-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC12-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC128-U", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC200-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC22-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC22.1-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC36.1-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC50-E.D", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXC64-U", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Desigo PXM20-E", version: { version_data: [ { version_value: "All versions >= V2.3 and < V6.30.016", }, ], }, }, { product_name: "Nucleus NET", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "Nucleus ReadyStart V3", version: { version_data: [ { version_value: "All versions < V2017.02.4", }, ], }, }, { product_name: "Nucleus Source Code", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "PLUSCONTROL 1st Gen", version: { version_data: [ { version_value: "All versions", }, ], }, }, { product_name: "SIMOTICS CONNECT 400", version: { version_data: [ { version_value: "All versions < V0.5.0.0", }, ], }, }, { product_name: "TALON TC Compact (BACnet)", version: { version_data: [ { version_value: "All versions < V3.5.4", }, ], }, }, { product_name: "TALON TC Modular (BACnet)", version: { version_data: [ { version_value: "All versions < V3.5.4", }, ], }, }, ], }, vendor_name: "Siemens", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-191: Integer Underflow (Wrap or Wraparound)", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", refsource: "MISC", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "2017.02.3", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "productcert@siemens.com", ID: "CVE-2021-31889", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-191", }, ], }, ], }, references: { reference_data: [ { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { name: "N/A", refsource: "CONFIRM", tags: [], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", refsource: "MISC", tags: [], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { name: "N/A", refsource: "CONFIRM", tags: [], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, }, }, lastModifiedDate: "2022-05-20T13:15Z", publishedDate: "2021-11-09T12:15Z", }, }, }
var-202111-1615
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1615", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nucleus readystart v3", scope: "lt", trust: 1, vendor: "siemens", version: "2017.02.3", }, { model: "apogee modular building controller", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "talon tc compact", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "apogee pxc compact", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "nucleus net", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "nucleus source code", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "apogee pxc modular", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "talon tc modular", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "capital vstar", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, { model: "apogee modular equiment controller", scope: "eq", trust: 1, vendor: "siemens", version: "*", }, ], sources: [ { db: "NVD", id: "CVE-2021-31889", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens reported these vulnerabilities to CISA.", sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, ], trust: 0.6, }, cve: "CVE-2021-31889", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "CVE-2021-31889", impactScore: 4.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, id: "CVE-2021-31889", impactScore: 5.2, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "productcert@siemens.com", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 3.9, id: "CVE-2021-31889", impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2021-31889", trust: 1, value: "CRITICAL", }, { author: "productcert@siemens.com", id: "CVE-2021-31889", trust: 1, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-202111-837", trust: 0.6, value: "CRITICAL", }, ], }, ], sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, { db: "NVD", id: "CVE-2021-31889", }, { db: "NVD", id: "CVE-2021-31889", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", sources: [ { db: "NVD", id: "CVE-2021-31889", }, ], trust: 1, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-31889", trust: 1.6, }, { db: "SIEMENS", id: "SSA-620288", trust: 1.6, }, { db: "SIEMENS", id: "SSA-044112", trust: 1.6, }, { db: "SIEMENS", id: "SSA-845392", trust: 1.6, }, { db: "SIEMENS", id: "SSA-223353", trust: 1.6, }, { db: "SIEMENS", id: "SSA-114589", trust: 1.6, }, { db: "AUSCERT", id: "ESB-2022.0094", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3874", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.4289", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2021.3833", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-22-013-03", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-22-069-02", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-21-350-06", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-21-313-03", trust: 0.6, }, { db: "ICS CERT", id: "ICSA-21-315-07", trust: 0.6, }, { db: "CS-HELP", id: "SB2021111003", trust: 0.6, }, { db: "CS-HELP", id: "SB2021121648", trust: 0.6, }, { db: "CS-HELP", id: "SB2022011803", trust: 0.6, }, { db: "CS-HELP", id: "SB2022031014", trust: 0.6, }, { db: "CS-HELP", id: "SB2022010910", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202111-837", trust: 0.6, }, ], sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, { db: "NVD", id: "CVE-2021-31889", }, ], }, id: "VAR-202111-1615", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.544069276, }, last_update_date: "2024-10-08T20:42:01.527000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "siemens Nucleus Fixes for digital error vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185268", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-191", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2021-31889", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { trust: 1.6, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { trust: 1, url: "https://cert-portal.siemens.com/productcert/html/ssa-044112.html", }, { trust: 1, url: "https://cert-portal.siemens.com/productcert/html/ssa-114589.html", }, { trust: 1, url: "https://cert-portal.siemens.com/productcert/html/ssa-223353.html", }, { trust: 1, url: "https://cert-portal.siemens.com/productcert/html/ssa-620288.html", }, { trust: 1, url: "https://cert-portal.siemens.com/productcert/html/ssa-845392.html", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021111003", }, { trust: 0.6, url: "https://source.android.com/security/bulletin/2022-01-01", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2022.0094", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3833", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.3874", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2021.4289", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022011803", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021121648", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022010910", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022031014", }, { trust: 0.6, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03", }, ], sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, { db: "NVD", id: "CVE-2021-31889", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNNVD", id: "CNNVD-202111-837", }, { db: "NVD", id: "CVE-2021-31889", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-09T00:00:00", db: "CNNVD", id: "CNNVD-202111-837", }, { date: "2021-11-09T12:15:09.693000", db: "NVD", id: "CVE-2021-31889", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2022-05-23T00:00:00", db: "CNNVD", id: "CNNVD-202111-837", }, { date: "2024-10-08T09:15:06.100000", db: "NVD", id: "CVE-2021-31889", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Siemens Nucleus Digital error vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "digital error", sources: [ { db: "CNNVD", id: "CNNVD-202111-837", }, ], trust: 0.6, }, }
fkie_cve-2021-31889
Vulnerability from fkie_nvd
Published
2021-11-09 12:15
Modified
2024-11-21 06:06
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*", matchCriteriaId: "3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", matchCriteriaId: "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*", matchCriteriaId: "EC33F30E-EEA1-452E-8EFE-28ADA88E3F56", versionEndExcluding: "2017.02.3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*", matchCriteriaId: "07DAF9C3-B56A-4F40-B90B-D0DE96869A44", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "60FAD4D8-54FA-4721-954E-4AD77020B189", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "B5F978E7-3DD9-4948-BFFB-E7273003477B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "ACCB699F-4F10-47BD-8890-047380972BE1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "7945BF7D-AB3A-4285-9C58-D56149ADFC15", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "105A6FFB-1176-4021-868D-3D6CE77113B2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*", matchCriteriaId: "8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C6BE40AF-B7A4-498A-943E-11AA9393A3D6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*", matchCriteriaId: "D9485F0B-03E0-4442-B615-2DA91AE1CD00", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0CA14719-C655-4BED-AE8D-B9C983847AE4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*", matchCriteriaId: "46D32EF0-8AEC-4594-8928-45F34DC60600", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1F3470FD-BEBE-465F-A189-F4CEDD0F6815", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*", matchCriteriaId: "00C647D8-1725-42FA-8042-6C413EE67573", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "60FAD4D8-54FA-4721-954E-4AD77020B189", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*", matchCriteriaId: "B5F978E7-3DD9-4948-BFFB-E7273003477B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (BACnet) (Todas las versiones), APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE MEC (PPC) (BACnet) (Todas las versiones), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3. 5.4), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5. 4), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones anteriores a V2.8.19), Capital VSTAR (Todas las versiones con opciones de Ethernet habilitadas), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30. 016), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC001-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC22. 1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2. 3 y anteriores a V6.30.016), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3 y anteriores a V6.30.016), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02. 4), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.4), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.4). Los paquetes TCP malformados con una opción SACK corrupta provocan fugas de información y condiciones de denegación de servicio. (FSMD-2021-0015)", }, ], id: "CVE-2021-31889", lastModified: "2024-11-21T06:06:26.400", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "productcert@siemens.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-09T12:15:09.693", references: [ { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-044112.html", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-114589.html", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-223353.html", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-620288.html", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-845392.html", }, { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { source: "productcert@siemens.com", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
ghsa-9f8q-4pw9-8433
Vulnerability from github
Published
2022-05-24 19:20
Modified
2024-10-08 09:30
Severity ?
Details
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
{ affected: [], aliases: [ "CVE-2021-31889", ], database_specific: { cwe_ids: [ "CWE-191", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-11-09T12:15:00Z", severity: "CRITICAL", }, details: "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", id: "GHSA-9f8q-4pw9-8433", modified: "2024-10-08T09:30:50Z", published: "2022-05-24T19:20:10Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-31889", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-044112.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-114589.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-223353.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-620288.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-845392.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.