Siemens Simotics Connect 400 vulnerabilities

9 known vulnerabilities affecting siemens/simotics_connect_400.

Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2021-31346CRITICALCVSS 9.1vAll versions < V0.5.0.0vAll versions < V1.0.0.02021-11-09
CVE-2021-31346 [HIGH] CWE-1284 CVE-2021-31346: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecke
cvelistv5nvd
CVE-2021-31889CRITICALCVSS 9.1vAll versions < V0.5.0.02021-11-09
CVE-2021-31889 [HIGH] CWE-191 CVE-2021-31889: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2
cvelistv5nvd
CVE-2021-31890CRITICALCVSS 9.1vAll versions < V0.5.0.0vAll versions < V1.0.0.02021-11-09
CVE-2021-31890 [HIGH] CWE-240 CVE-2021-31890: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked.
cvelistv5nvd
CVE-2021-31344MEDIUMCVSS 6.9vAll versions < V0.5.0.0vAll versions < V1.0.0.02021-11-09
CVE-2021-31344 [MEDIUM] CWE-843 CVE-2021-31344: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital E A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply
cvelistv5nvd
CVE-2020-27738HIGHCVSS 7.4vAll versions < V0.5.0.02021-04-22
CVE-2020-27738 [MEDIUM] CWE-788 CVE-2020-27738: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus R
cvelistv5nvd
CVE-2021-25677MEDIUMCVSS 5.3vAll versions < V0.5.0.0vAll versions >= V0.5.0.0 < V1.0.0.02021-04-22
CVE-2021-25677 [MEDIUM] CWE-330 CVE-2021-25677: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions = V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
cvelistv5nvd
CVE-2020-27736MEDIUMCVSS 6.5vAll versions < V0.5.0.02021-04-22
CVE-2020-27736 [MEDIUM] CWE-170 CVE-2020-27736: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus R
cvelistv5nvd
CVE-2020-27737MEDIUMCVSS 6.5vAll versions < V0.5.0.02021-04-22
CVE-2020-27737 [MEDIUM] CWE-125 CVE-2020-27737: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus R
cvelistv5nvd
CVE-2019-13939HIGHCVSS 7.1vAll versions < V0.3.0.3302020-01-16
CVE-2019-13939 [HIGH] CWE-20 CVE-2019-13939: A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC C A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions = V2.8.2 = V2.8.2 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3x and = V2.3 < V6.0.327), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All
cvelistv5nvd