CVE-2021-31881

Summary

CVE	CVE-2021-31881
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-09 12:15:00 UTC
Updated	2022-05-20 13:15:00 UTC
Description	A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Apogee Modular Building Controller	-	All	All	All
Operating System	Siemens	Apogee Modular Building Controller Firmware	All	All	All	All
Hardware	Siemens	Apogee Modular Equiment Controller	-	All	All	All
Operating System	Siemens	Apogee Modular Equiment Controller Firmware	All	All	All	All
Hardware	Siemens	Apogee Pxc Compact	-	All	All	All
Operating System	Siemens	Apogee Pxc Compact Firmware	All	All	All	All
Hardware	Siemens	Apogee Pxc Modular	-	All	All	All
Operating System	Siemens	Apogee Pxc Modular Firmware	All	All	All	All
Application	Siemens	Capital Vstar	All	All	All	All
Application	Siemens	Nucleus Net	All	All	All	All
Application	Siemens	Nucleus Readystart V3	All	All	All	All
Application	Siemens	Nucleus Readystart V4	All	All	All	All
Application	Siemens	Nucleus Source Code	All	All	All	All
Hardware	Siemens	Talon Tc Compact	-	All	All	All
Operating System	Siemens	Talon Tc Compact Firmware	All	All	All	All
Hardware	Siemens	Talon Tc Modular	-	All	All	All
Operating System	Siemens	Talon Tc Modular Firmware	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf	MISC	cert-portal.siemens.com
N/A	CONFIRM	cert-portal.siemens.com
cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf	MISC	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590688 Siemens Nucleus RTOS-based APOGEE and TALON Products (Update A) Multiple Vulnerabilities (ICSA-21-315-07)
590744 Siemens Nucleus RTOS TCP/IP Stack Multiple Vulnerabilities (ICSA-21-313-03)
590745 Siemens Nucleus RTOS TCP/IP Stack Multiple Vulnerabilities (SSA-044112)
590746 Siemens Nucleus RTOS Transmission Control Protocol/Internet Protocol (TCP/IP) Stack Multiple Vulnerabilities (SSA-114589)
590747 Siemens Nucleus RTOS TCP/IP Stack Multiple Vulnerabilities (SSA-620288)
590821 WAGO NUCLEUS Transmission Control Protocol (TCP) Stack Multiple Vulnerabilities (VDE-2021-050)