CVE-2022-38371 - OpenCVE

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Siemens	Apogee Modular Building Controller Apogee Modular Building Controller Firmware Apogee Modular Equiment Controller Apogee Modular Equiment Controller Firmware Apogee Pxc Compact Apogee Pxc Compact Firmware Apogee Pxc Modular Apogee Pxc Modular Firmware Desigo Pxc00-e.d Desigo Pxc00-e.d Firmware Desigo Pxc00-u Desigo Pxc00-u Firmware Desigo Pxc001-e.d Desigo Pxc001-e.d Firmware Desigo Pxc100-e.d Desigo Pxc100-e.d Firmware Desigo Pxc12-e.d Desigo Pxc12-e.d Firmware Desigo Pxc128-u Desigo Pxc128-u Firmware Desigo Pxc200-e.d Desigo Pxc200-e.d Firmware Desigo Pxc22-e.d Desigo Pxc22-e.d Firmware Desigo Pxc22.1-e.d Desigo Pxc22.1-e.d Firmware Desigo Pxc36.1-e.d Desigo Pxc36.1-e.d Firmware Desigo Pxc50-e.d Desigo Pxc50-e.d Firmware Desigo Pxc64-u Desigo Pxc64-u Firmware Desigo Pxm20-e Desigo Pxm20-e Firmware Nucleus Net Nucleus Readystart V3 Nucleus Source Code Talon Tc Compact Talon Tc Compact Firmware

Configuration 1 [-]

OR	cpe:2.3:a:siemens:nucleus_net::::::::
	cpe:2.3:a:siemens:nucleus_readystart_v3::::::::
	cpe:2.3:a:siemens:nucleus_source_code:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-313313.html
https://cert-portal.siemens.com/productcert/html/ssa-935500.html
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-10-11T00:00:00

Updated: 2024-09-17T13:53:27.567Z

Reserved: 2022-08-16T00:00:00

Link: CVE-2022-38371

Vulnrichment

Updated: 2024-08-03T10:54:03.448Z

NVD

Status : Modified

Published: 2022-10-11T11:15:10.297

Modified: 2024-05-14T16:15:25.167

Link: CVE-2022-38371

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object