CVE-2021-31889
published 2021-11-09CVE-2021-31889: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303)…
critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| siemens | capital_embedded_ar_classic_431-422 | < * | * |
| siemens | capital_embedded_ar_classic_r20-11 | < V2303 | V2303 |
| siemens | nucleus_readystart_v3 | < 2017.02.3 | 2017.02.3 |
| siemens | pluscontrol_1st_gen | — | — |
| siemens | simotics_connect_400 | — | — |