CVE-2021-31889
09.11.2021, 12:15
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
| Vendor | Product | Version |
|---|---|---|
| siemens | capital_vstar | * |
| siemens | nucleus_net | * |
| siemens | nucleus_readystart_v3 | 𝑥 < 2017.02.3 |
| siemens | nucleus_source_code | * |
| siemens | apogee_modular_building_controller_firmware | * |
| siemens | apogee_modular_equiment_controller_firmware | * |
| siemens | apogee_pxc_compact_firmware | * |
| siemens | apogee_pxc_modular_firmware | * |
| siemens | talon_tc_compact_firmware | * |
| siemens | talon_tc_modular_firmware | * |
| siemens | apogee_modular_building_controller_firmware | * |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References