CVE-2021-31884

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-31884
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*
History

26 Jun 2023, 19:15

Type Values Removed Values Added
CWE CWE-170 NVD-CWE-Other
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf - Vendor Advisory
CPE cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*
First Time Siemens desigo Pxc00-e.d Firmware
Siemens desigo Pxc50-e.d Firmware
Siemens desigo Pxc200-e.d Firmware
Siemens desigo Pxc00-e.d
Siemens desigo Pxc12-e.d Firmware
Siemens desigo Pxc12-e.d
Siemens desigo Pxc128-u
Siemens desigo Pxc00-u Firmware
Siemens desigo Pxc100-e.d Firmware
Siemens desigo Pxm20-e Firmware
Siemens desigo Pxc00-u
Siemens desigo Pxc001-e.d
Siemens desigo Pxc22.1-e.d Firmware
Siemens desigo Pxc64-u
Siemens desigo Pxc001-e.d Firmware
Siemens desigo Pxc36.1-e.d
Siemens desigo Pxc128-u Firmware
Siemens desigo Pxm20-e
Siemens desigo Pxc200-e.d
Siemens desigo Pxc64-u Firmware
Siemens desigo Pxc50-e.d
Siemens desigo Pxc22-e.d Firmware
Siemens desigo Pxc36.1-e.d Firmware
Siemens desigo Pxc22.1-e.d
Siemens desigo Pxc100-e.d
Siemens desigo Pxc22-e.d

20 May 2022, 13:15

Type Values Removed Values Added
Summary A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014) A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

12 Apr 2022, 09:15

Type Values Removed Values Added
Summary A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014) A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

14 Dec 2021, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf -
Summary A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014) A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
CWE CWE-787
CWE-125		 CWE-170

12 Nov 2021, 18:15

Type Values Removed Values Added
CPE cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:*

12 Nov 2021, 16:37

Type Values Removed Values Added
CPE cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8
CWE CWE-170 CWE-787
CWE-125
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf - Vendor Advisory
References (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf - (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf - Vendor Advisory

09 Nov 2021, 12:23

Type Values Removed Values Added
New CVE
Information

Published : 2021-11-09 12:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-31884

Mitre link : CVE-2021-31884

CVE.ORG link : CVE-2021-31884

JSON object : View

Products Affected

siemens

  • apogee_modular_equiment_controller_firmware
  • desigo_pxc22-e.d_firmware
  • desigo_pxc22-e.d
  • talon_tc_modular
  • desigo_pxc50-e.d
  • desigo_pxc100-e.d_firmware
  • desigo_pxm20-e_firmware
  • apogee_modular_building_controller
  • talon_tc_modular_firmware
  • desigo_pxc22.1-e.d_firmware
  • desigo_pxc36.1-e.d_firmware
  • desigo_pxc128-u_firmware
  • desigo_pxc200-e.d
  • desigo_pxc64-u
  • desigo_pxc200-e.d_firmware
  • desigo_pxc00-e.d
  • apogee_pxc_compact
  • desigo_pxc12-e.d
  • desigo_pxc12-e.d_firmware
  • desigo_pxc50-e.d_firmware
  • desigo_pxm20-e
  • desigo_pxc001-e.d
  • talon_tc_compact
  • apogee_modular_building_controller_firmware
  • talon_tc_compact_firmware
  • desigo_pxc36.1-e.d
  • desigo_pxc00-e.d_firmware
  • desigo_pxc100-e.d
  • nucleus_source_code
  • desigo_pxc00-u
  • apogee_pxc_compact_firmware
  • desigo_pxc00-u_firmware
  • desigo_pxc128-u
  • desigo_pxc64-u_firmware
  • apogee_pxc_modular_firmware
  • nucleus_readystart_v3
  • apogee_modular_equiment_controller
  • nucleus_net
  • capital_vstar
  • desigo_pxc001-e.d_firmware
  • desigo_pxc22.1-e.d
  • apogee_pxc_modular
CWE
NVD-CWE-Other CWE-170

Improper Null Termination