CVE-2021-31888

CWE-170 CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGH

EPSS

3.4%

top 12.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Apogee PXC Compact Firmware Siemens Apogee PXC Modular Firmware Siemens Desigo Pxc00-e.d Firmware +40 more

Timeline

PublishedNov 9

Latest updateMay 24

Description

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucle…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages44 packages

▶CVEListV5siemens/apogee_pxc_compact_(bacnet)All versions < V3.5.4

▶CVEListV5siemens/apogee_pxc_modular_(bacnet)All versions < V3.5.4

▶CVEListV5siemens/apogee_mbc_(ppc)_(bacnet)All versions

▶CVEListV5siemens/apogee_mec_(ppc)_(bacnet)All versions

▶CVEListV5siemens/talon_tc_compact_(bacnet)All versions < V3.5.4

🔴Vulnerability Details

GHSA

GHSA-825j-f8cf-xxrr: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn↗2022-05-24

▶

CVEList

CVE-2021-31888: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn↗2021-11-09

▶