CVE-2021-31890
published 2021-11-09CVE-2021-31890: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303)…
critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| siemens | capital_embedded_ar_classic_431-422 | < * | * |
| siemens | capital_embedded_ar_classic_r20-11 | < V2303 | V2303 |
| siemens | nucleus_readystart_v3 | < 2017.02.4 | 2017.02.4 |
| siemens | nucleus_readystart_v4 | < 4.1.1 | 4.1.1 |
| siemens | pluscontrol_1st_gen | — | — |
| siemens | simotics_connect_400 | — | — |
| siemens | simotics_connect_400 | — | — |