CVE-2021-31346 — Improper Validation of Specified Quantity in Input in Siemens Capital Embedded AR Classic 431-422
Severity
9.1CRITICALNVD
CNA8.2
EPSS
2.5%
top 14.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 9
Latest updateMay 24
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2
Affected Packages6 packages
🔴Vulnerability Details
5GHSA▶
GHSA-gwc7-j4mc-q8fw: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn↗2022-05-24
OSV▶
CVE-2021-31346: In Modem ICMP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check↗2022-01-01
OSV▶
CVE-2021-31346: In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check↗2022-01-01
OSV▶
CVE-2021-31346: In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible system crash due to an improper input validation↗2022-01-01
CVEList▶
CVE-2021-31346: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303),↗2021-11-09