cbcvebase.
CVE-2021-31885
published 2021-11-09

CVE-2021-31885: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All…

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
siemensapogee_mbc
siemensapogee_mec
siemensapogee_pxc_compact
siemensapogee_pxc_compact
siemensapogee_pxc_modular
siemensapogee_pxc_modular
siemensdesigo_pxc00-e.d
siemensdesigo_pxc00-u
siemensdesigo_pxc001-e.d
siemensdesigo_pxc100-e.d
siemensdesigo_pxc12-e.d
siemensdesigo_pxc128-u
siemensdesigo_pxc200-e.d
siemensdesigo_pxc22-e.d
siemensdesigo_pxc22.1-e.d
siemensdesigo_pxc36.1-e.d
siemensdesigo_pxc50-e.d
siemensdesigo_pxc64-u
siemensdesigo_pxm20-e
siemensnucleus_net
siemensnucleus_readystart_v3< 2017.02.42017.02.4
siemensnucleus_readystart_v3
siemensnucleus_readystart_v4< 4.1.14.1.1
siemensnucleus_readystart_v4
siemensnucleus_source_code