CVE-2021-31883

CWE-119Buffer Overflow3 documents3 sources
Severity
7.5HIGH
EPSS
1.4%
top 19.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Siemens Capital Embedded AR Classic 431-422Siemens Capital Embedded AR Classic R20-11Siemens Nucleus Readystart V3
Timeline
PublishedNov 9
Latest updateMay 24

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-9p2c-f575-r7xw: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn2022-05-24
CVEList
CVE-2021-31883: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303)2021-11-09
CVE-2021-31883 (HIGH CVSS 7.5) | A vulnerability has been identified | cvebase.io