CVE-2021-31888

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the MKD/XMKD command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
siemensCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
siemensnucleus_net
*
siemensnucleus_readystart_v3
𝑥
< 2017.02.4
siemensnucleus_source_code
*
siemensapogee_modular_building_controller_firmware
*
siemensapogee_modular_equiment_controller_firmware
*
siemensapogee_pxc_compact_firmware
𝑥
< 2.8.19
siemensapogee_pxc_compact_firmware
𝑥
< 3.5.4
siemensapogee_pxc_modular_firmware
𝑥
< 2.8.19
siemensapogee_pxc_modular_firmware
𝑥
< 3.5.4
siemenstalon_tc_compact_firmware
𝑥
< 3.5.4
siemenstalon_tc_modular_firmware
𝑥
< 3.5.4
siemensdesigo_pxc00-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc00-u_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc001-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc12-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc22-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc22.1-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc36.1-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc50-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc64-u_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc100-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc128-u_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxc200-e.d_firmware
2.3 ≤
𝑥
< 6.30.016
siemensdesigo_pxm20-e_firmware
2.3 ≤
𝑥
< 6.30.016
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf