CVE-2021-31881

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.5HIGH
EPSS
1.4%
top 19.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Siemens Capital Embedded AR Classic 431-422Siemens Capital Embedded AR Classic R20-11Siemens Nucleus Readystart V3
Timeline
PublishedNov 9
Latest updateMay 24

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-x327-px9p-wgr2: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn2022-05-24
CVEList
CVE-2021-31881: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303)2021-11-09
CVE-2021-31881 (HIGH CVSS 7.5) | A vulnerability has been identified | cvebase.io