CVE-2021-31886 - Vulnerability Details

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0653.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

APOGEE MBC (PPC) (BACnet)

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE MBC (PPC) (P2 Ethernet)

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE MEC (PPC) (BACnet)

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE MEC (PPC) (P2 Ethernet)

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE PXC Compact (BACnet)

affected

Version	Status	Constraints
`All versions < V3.5.4`	affected	—

Siemens

APOGEE PXC Compact (P2 Ethernet)

affected

Version	Status	Constraints
`All versions < V2.8.19`	affected	—

Siemens

APOGEE PXC Modular (BACnet)

affected

Version	Status	Constraints
`All versions < V3.5.4`	affected	—

Siemens

APOGEE PXC Modular (P2 Ethernet)

affected

Version	Status	Constraints
`All versions < V2.8.19`	affected	—

Siemens

Desigo PXC00-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC00-U

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC001-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC100-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC12-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC128-U

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC200-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC22-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC22.1-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC36.1-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC50-E.D

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXC64-U

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Desigo PXM20-E

affected

Version	Status	Constraints
`All versions >= V2.3 and < V6.30.016`	affected	—

Siemens

Nucleus NET

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

Nucleus ReadyStart V3

affected

Version	Status	Constraints
`All versions < V2017.02.4`	affected	—

Siemens

Nucleus Source Code

affected

Version	Status	Constraints
`All versions`	affected	—

Siemens

TALON TC Compact (BACnet)

affected

Version	Status	Constraints
`All versions < V3.5.4`	affected	—

Siemens

TALON TC Modular (BACnet)

affected

Version	Status	Constraints
`All versions < V3.5.4`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:siemens:nucleus_net::::::::
	cpe:2.3:a:siemens:nucleus_readystart_v3::::::::
	cpe:2.3:a:siemens:nucleus_source_code::::::::

Configuration 2 [-]

AND

cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:siemens:apogee_pxc_compact_firmware:::::p2_ethernet:::*
	cpe:2.3:o:siemens:apogee_pxc_compact_firmware:::::bacnet:::*

cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:siemens:apogee_pxc_modular_firmware:::::p2_ethernet:::*
	cpe:2.3:o:siemens:apogee_pxc_modular_firmware:::::bacnet:::*

cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Siemens Subscribe	Apogee Modular Building Controller Subscribe Apogee Modular Building Controller Firmware Subscribe Apogee Modular Equiment Controller Subscribe Apogee Modular Equiment Controller Firmware Subscribe Apogee Pxc Compact Subscribe Apogee Pxc Compact Firmware Subscribe Apogee Pxc Modular Subscribe Apogee Pxc Modular Firmware Subscribe Desigo Pxc00-e.d Subscribe Desigo Pxc00-e.d Firmware Subscribe Desigo Pxc00-u Subscribe Desigo Pxc00-u Firmware Subscribe Desigo Pxc001-e.d Subscribe Desigo Pxc001-e.d Firmware Subscribe Desigo Pxc100-e.d Subscribe Desigo Pxc100-e.d Firmware Subscribe Desigo Pxc12-e.d Subscribe Desigo Pxc12-e.d Firmware Subscribe Desigo Pxc128-u Subscribe Desigo Pxc128-u Firmware Subscribe Desigo Pxc200-e.d Subscribe Desigo Pxc200-e.d Firmware Subscribe Desigo Pxc22-e.d Subscribe Desigo Pxc22-e.d Firmware Subscribe Desigo Pxc22.1-e.d Subscribe Desigo Pxc22.1-e.d Firmware Subscribe Desigo Pxc36.1-e.d Subscribe Desigo Pxc36.1-e.d Firmware Subscribe Desigo Pxc50-e.d Subscribe Desigo Pxc50-e.d Firmware Subscribe Desigo Pxc64-u Subscribe Desigo Pxc64-u Firmware Subscribe Desigo Pxm20-e Subscribe Desigo Pxm20-e Firmware Subscribe Nucleus Net Subscribe Nucleus Readystart V3 Subscribe Nucleus Source Code Subscribe Talon Tc Compact Subscribe Talon Tc Compact Firmware Subscribe Talon Tc Modular Subscribe Talon Tc Modular Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2021-18761	A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-11-09T11:31:59

Updated: 2024-08-03T23:10:30.838Z

Reserved: 2021-04-29T00:00:00

Link: CVE-2021-31886

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-11-09T12:15:09.540

Modified: 2024-11-21T06:06:25.880

Link: CVE-2021-31886

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object