A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (Versions including affected FTP server), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf | Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
Configuration 18 (hide)
AND |
|
Configuration 19 (hide)
AND |
|
History
14 Feb 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 | |
Summary | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (Versions including affected FTP server), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. |
13 Dec 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server. |
12 Oct 2022, 13:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens apogee Pxc Modular
Siemens desigo Pxc128-u Siemens apogee Pxc Modular Firmware Siemens desigo Pxc128-u Firmware Siemens desigo Pxc12-e.d Siemens desigo Pxc200-e.d Siemens apogee Modular Building Controller Firmware Siemens desigo Pxc001-e.d Siemens apogee Pxc Compact Firmware Siemens desigo Pxc100-e.d Firmware Siemens talon Tc Compact Firmware Siemens desigo Pxm20-e Siemens desigo Pxc22.1-e.d Firmware Siemens desigo Pxc50-e.d Siemens desigo Pxc50-e.d Firmware Siemens nucleus Readystart V3 Siemens desigo Pxc22.1-e.d Siemens apogee Pxc Compact Siemens desigo Pxc22-e.d Firmware Siemens desigo Pxc00-e.d Siemens talon Tc Compact Siemens desigo Pxc00-u Siemens apogee Modular Building Controller Siemens Siemens desigo Pxc64-u Siemens desigo Pxm20-e Firmware Siemens desigo Pxc36.1-e.d Firmware Siemens desigo Pxc00-u Firmware Siemens nucleus Source Code Siemens desigo Pxc22-e.d Siemens desigo Pxc00-e.d Firmware Siemens desigo Pxc64-u Firmware Siemens nucleus Net Siemens desigo Pxc200-e.d Firmware Siemens desigo Pxc12-e.d Firmware Siemens apogee Modular Equiment Controller Firmware Siemens apogee Modular Equiment Controller Siemens desigo Pxc36.1-e.d Siemens desigo Pxc001-e.d Firmware Siemens desigo Pxc100-e.d |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf - Patch, Vendor Advisory | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-401 |
11 Oct 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-11 11:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38371
Mitre link : CVE-2022-38371
CVE.ORG link : CVE-2022-38371
JSON object : View
Products Affected
siemens
- apogee_pxc_modular_firmware
- desigo_pxc128-u
- apogee_modular_building_controller
- talon_tc_compact
- desigo_pxc22-e.d
- nucleus_source_code
- apogee_modular_equiment_controller_firmware
- desigo_pxm20-e
- desigo_pxc22.1-e.d
- desigo_pxc128-u_firmware
- desigo_pxc00-u
- desigo_pxc22.1-e.d_firmware
- desigo_pxc200-e.d
- desigo_pxc001-e.d
- desigo_pxc00-e.d
- apogee_modular_building_controller_firmware
- desigo_pxc36.1-e.d_firmware
- desigo_pxc50-e.d
- desigo_pxc00-e.d_firmware
- desigo_pxc64-u_firmware
- desigo_pxc00-u_firmware
- desigo_pxc12-e.d_firmware
- apogee_pxc_compact_firmware
- apogee_pxc_modular
- desigo_pxc22-e.d_firmware
- desigo_pxc64-u
- desigo_pxc100-e.d
- nucleus_net
- apogee_pxc_compact
- nucleus_readystart_v3
- desigo_pxc36.1-e.d
- apogee_modular_equiment_controller
- desigo_pxm20-e_firmware
- desigo_pxc50-e.d_firmware
- desigo_pxc12-e.d
- talon_tc_compact_firmware
- desigo_pxc200-e.d_firmware
- desigo_pxc100-e.d_firmware
- desigo_pxc001-e.d_firmware