CVE-2021-31884

Published Nov 9, 2021

Last updated a year ago

CVSS critical 9.8

Overview

Description: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other
productcert@siemens.com: CWE-170

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEBF34F7-F37A-4FD1-957E-B2E5DEE7A778"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "769372D0-68B3-47F3-B13B-43EAAF7E822D",
            "versionEndExcluding": "2017.02.1"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60FAD4D8-54FA-4721-954E-4AD77020B189"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B5F978E7-3DD9-4948-BFFB-E7273003477B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACCB699F-4F10-47BD-8890-047380972BE1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7945BF7D-AB3A-4285-9C58-D56149ADFC15"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C88C4124-7C22-43DF-84B3-5DBF7FA1973A",
            "versionEndExcluding": "2.8.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E21FF15-E940-43B5-8E6D-806BDF220832",
            "versionEndExcluding": "2.8.19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46B9BC93-293E-4D1F-BA10-4E79DCF472FB",
            "versionEndExcluding": "3.5.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "46D32EF0-8AEC-4594-8928-45F34DC60600"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90E02740-938E-421A-97F9-DAC9A96F048B",
            "versionEndExcluding": "3.5.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "00C647D8-1725-42FA-8042-6C413EE67573"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F55E48E-BFB9-436A-9586-696D910C0122",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A1727849-2FD8-40A2-91D3-E0C9662B45BC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B62759D-843B-48FC-82CB-1A8562C6BAFD",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD39D011-8AE2-46FE-9207-C110E2FBC07C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9FA1D60-CB76-4F9F-AF50-F044938E24F7",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DCC50C13-FA05-4459-BA1E-482D886B842B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E759F7F2-A0EA-4A93-9BE7-56754F3DB71E",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DDA404C0-FD6D-47CC-950C-E5DCC993C8E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06588CEC-2291-4870-84D9-6A61614D954F",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4A4D84CE-07AB-4305-9C48-54392772D4EB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43E08A74-3DAF-4022-9FF2-9ADA4426161E",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E67F374-BF75-4334-A6D5-AB570E0A70D8"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "875BF593-DC7B-4416-983D-E69C48F5F3EF",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1CA7EF94-2EE2-4B53-A544-F675306DF84F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60970078-7799-458D-983C-AD012FFA4241",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B73C4D39-A600-460B-A9A4-A954A58EDB17"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30E702A4-7D43-4277-9885-52AA26EB526B",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "88DBB445-0A82-4DE8-B2CB-0CDD06A7E413"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D3E8389-DC09-4E20-9406-8AACE31E4503",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4EC2CE6-D918-4D78-A135-34E25C82E40B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5E933BA-6FBA-445C-AC3E-F866E606A34D",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7E1693F-D78F-4AC1-9304-3A5D64F5AEE2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "182DB746-FDA5-4856-BE6C-C84E0EFF7BFC",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A602EDAE-72D4-4546-8C41-BBBECE2FD328"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A58E17E-5986-4EEF-93BF-0596AA1E7F46",
            "versionEndExcluding": "6.30.016",
            "versionStartIncluding": "2.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D7DD189-AEC3-4CB8-9337-876B8C8F2322"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBF6E503-D95E-45FE-92CF-A15FE31B53E9",
            "versionEndExcluding": "3.5.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E2E8B0F-EBBC-4BCC-BE2A-20DCB506DF7F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "508E2D8C-D71B-465F-BDBC-A2F813F1320D",
            "versionEndExcluding": "3.5.4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References