cbcvebase.
CVE-2021-31344
published 2021-11-09

CVE-2021-31344: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303)…

medium6.9CVSS 4.0
AVNACLATNPRNUINVCNVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)

Affected

7 ranges
VendorProductVersion rangeFixed in
siemenscapital_embedded_ar_classic_431-422< **
siemenscapital_embedded_ar_classic_r20-11< V2303V2303
siemensnucleus_readystart_v3< 2017.02.12017.02.1
siemensnucleus_readystart_v4< 4.1.14.1.1
siemenspluscontrol_1st_gen
siemenssimotics_connect_400
siemenssimotics_connect_400