CVE-2021-31889
Severity
9.1CRITICAL
EPSS
1.6%
top 18.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 9
Latest updateMay 24
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages6 packages
🔴Vulnerability Details
5GHSA▶
GHSA-9f8q-4pw9-8433: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn↗2022-05-24
OSV▶
CVE-2021-31346: In Modem ICMP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check↗2022-01-01
OSV▶
CVE-2021-31346: In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check↗2022-01-01
OSV▶
CVE-2021-31346: In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible system crash due to an improper input validation↗2022-01-01
CVEList▶
CVE-2021-31889: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303),↗2021-11-09