CVE-2021-31346 vulnerability in Siemens Products
Published on November 9, 2021
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2021-31346
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Capital Embedded AR Classic 431-422:- Before * is affected.
- Before V2303 is affected.
- Version All versions is affected.
- Version All versions < V0.5.0.0 is affected.
- Version All versions < V1.0.0.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.