CVE-2021-31890
Severity
9.1CRITICAL
EPSS
2.5%
top 14.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 9
Latest updateMay 24
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization i…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages7 packages
🔴Vulnerability Details
5GHSA▶
GHSA-4mmq-7ch6-8958: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn↗2022-05-24
OSV▶
CVE-2021-31346: In Modem ICMP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check↗2022-01-01
OSV▶
CVE-2021-31346: In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check↗2022-01-01
OSV▶
CVE-2021-31346: In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible system crash due to an improper input validation↗2022-01-01
CVEList▶
CVE-2021-31890: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303),↗2021-11-09