siemens capital-vstar CVE-2021-31884 vulnerability in Siemens Products
Published on November 9, 2021

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the Hostname DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)

NVD

Weakness Type

Improper Null Termination

The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. Null termination errors frequently occur in two different ways. An off-by-one error could cause a null to be written out of bounds, leading to an overflow. Or, a program could use a strncpy() function call incorrectly, which prevents a null terminator from being added at all. Other scenarios are possible.


Products Associated with CVE-2021-31884

Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.

Siemens Capital Vstar
 
Siemens Nucleus Net
 
Siemens Nucleus Readystart V3
 
Siemens Nucleus Readystart V4
 
Siemens Nucleus Source Code
 

Affected Versions

Siemens APOGEE MBC (PPC) (BACnet): Siemens APOGEE MBC (PPC) (P2 Ethernet): Siemens APOGEE MEC (PPC) (BACnet): Siemens APOGEE MEC (PPC) (P2 Ethernet): Siemens APOGEE PXC Compact (BACnet): Siemens APOGEE PXC Compact (P2 Ethernet): Siemens APOGEE PXC Modular (BACnet): Siemens APOGEE PXC Modular (P2 Ethernet): Siemens Capital VSTAR: Siemens Desigo PXC00-E.D: Siemens Desigo PXC00-U: Siemens Desigo PXC001-E.D: Siemens Desigo PXC100-E.D: Siemens Desigo PXC12-E.D: Siemens Desigo PXC128-U: Siemens Desigo PXC200-E.D: Siemens Desigo PXC22-E.D: Siemens Desigo PXC22.1-E.D: Siemens Desigo PXC36.1-E.D: Siemens Desigo PXC50-E.D: Siemens Desigo PXC64-U: Siemens Desigo PXM20-E: Siemens Nucleus NET: Siemens Nucleus ReadyStart V3: Siemens Nucleus Source Code: Siemens TALON TC Compact (BACnet): Siemens TALON TC Modular (BACnet):

Exploit Probability

EPSS
0.73%
Percentile
72.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.