Common Weakness Enumeration

CWE-170

Allowed

Improper Null Termination

Abstraction: Base · Status: Incomplete

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

77 vulnerabilities reference this CWE, most recent first.

CVE-2021-31888 (GCVE-0-2021-31888)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:32 – Updated: 2024-08-03 23:10
VLAI
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)
Severity
No CVSS data available.
CWE
  • CWE-170 - Improper Null Termination
Assigner
References
Impacted products
Vendor Product Version
Siemens APOGEE MBC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MBC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE PXC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Compact (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens APOGEE PXC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Modular (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens Desigo PXC00-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC00-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC001-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC100-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC12-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC128-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC200-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC36.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC50-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC64-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXM20-E Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Nucleus NET Affected: All versions
Create a notification for this product.
Siemens Nucleus ReadyStart V3 Affected: All versions < V2017.02.4
Create a notification for this product.
Siemens Nucleus Source Code Affected: All versions
Create a notification for this product.
Siemens TALON TC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens TALON TC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APOGEE MBC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MBC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "Desigo PXC00-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC00-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC001-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC100-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC12-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC128-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC200-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC36.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC50-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC64-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXM20-E",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Nucleus NET",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Nucleus ReadyStart V3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2017.02.4"
            }
          ]
        },
        {
          "product": "Nucleus Source Code",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "TALON TC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "TALON TC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170: Improper Null Termination",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-10T09:46:37.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-31888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "APOGEE MBC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC001-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC100-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC12-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC128-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC200-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC36.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC50-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC64-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXM20-E",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus ReadyStart V3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2017.02.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus Source Code",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cMKD/XMKD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170: Improper Null Termination"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31888",
    "datePublished": "2021-11-09T11:32:00.000Z",
    "dateReserved": "2021-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:10:30.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31887 (GCVE-0-2021-31887)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:32 – Updated: 2024-08-03 23:10
VLAI
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
Severity
No CVSS data available.
CWE
  • CWE-170 - Improper Null Termination
Assigner
References
Impacted products
Vendor Product Version
Siemens APOGEE MBC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MBC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE PXC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Compact (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens APOGEE PXC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Modular (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens Desigo PXC00-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC00-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC001-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC100-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC12-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC128-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC200-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC36.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC50-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC64-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXM20-E Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Nucleus NET Affected: All versions
Create a notification for this product.
Siemens Nucleus ReadyStart V3 Affected: All versions < V2017.02.4
Create a notification for this product.
Siemens Nucleus Source Code Affected: All versions
Create a notification for this product.
Siemens TALON TC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens TALON TC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APOGEE MBC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MBC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "Desigo PXC00-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC00-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC001-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC100-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC12-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC128-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC200-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC36.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC50-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC64-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXM20-E",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Nucleus NET",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Nucleus ReadyStart V3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2017.02.4"
            }
          ]
        },
        {
          "product": "Nucleus Source Code",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "TALON TC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "TALON TC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170: Improper Null Termination",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-10T09:46:36.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-31887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "APOGEE MBC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC001-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC100-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC12-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC128-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC200-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC36.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC50-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC64-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXM20-E",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus ReadyStart V3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2017.02.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus Source Code",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cPWD/XPWD\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170: Improper Null Termination"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31887",
    "datePublished": "2021-11-09T11:32:00.000Z",
    "dateReserved": "2021-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:10:30.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31886 (GCVE-0-2021-31886)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:31 – Updated: 2024-08-03 23:10
VLAI
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)
Severity
No CVSS data available.
CWE
  • CWE-170 - Improper Null Termination
Assigner
References
Impacted products
Vendor Product Version
Siemens APOGEE MBC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MBC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE PXC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Compact (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens APOGEE PXC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Modular (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens Desigo PXC00-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC00-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC001-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC100-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC12-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC128-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC200-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC36.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC50-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC64-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXM20-E Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Nucleus NET Affected: All versions
Create a notification for this product.
Siemens Nucleus ReadyStart V3 Affected: All versions < V2017.02.4
Create a notification for this product.
Siemens Nucleus Source Code Affected: All versions
Create a notification for this product.
Siemens TALON TC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens TALON TC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APOGEE MBC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MBC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "Desigo PXC00-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC00-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC001-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC100-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC12-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC128-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC200-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC36.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC50-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC64-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXM20-E",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Nucleus NET",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Nucleus ReadyStart V3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2017.02.4"
            }
          ]
        },
        {
          "product": "Nucleus Source Code",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "TALON TC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "TALON TC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170: Improper Null Termination",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-10T09:46:35.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-31886",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "APOGEE MBC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC001-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC100-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC12-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC128-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC200-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC36.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC50-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC64-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXM20-E",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus ReadyStart V3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2017.02.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus Source Code",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). FTP server does not properly validate the length of the \u201cUSER\u201d command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170: Improper Null Termination"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31886",
    "datePublished": "2021-11-09T11:31:59.000Z",
    "dateReserved": "2021-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:10:30.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31884 (GCVE-0-2021-31884)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:31 – Updated: 2024-08-03 23:10
VLAI
Summary
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
Severity
No CVSS data available.
CWE
  • CWE-170 - Improper Null Termination
Assigner
Impacted products
Vendor Product Version
Siemens APOGEE MBC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MBC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (BACnet) Affected: All versions
Create a notification for this product.
Siemens APOGEE MEC (PPC) (P2 Ethernet) Affected: All versions
Create a notification for this product.
Siemens APOGEE PXC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Compact (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens APOGEE PXC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens APOGEE PXC Modular (P2 Ethernet) Affected: All versions < V2.8.19
Create a notification for this product.
Siemens Capital VSTAR Affected: All versions with enabled Ethernet options
Create a notification for this product.
Siemens Desigo PXC00-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC00-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC001-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC100-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC12-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC128-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC200-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC22.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC36.1-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC50-E.D Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXC64-U Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Desigo PXM20-E Affected: All versions >= V2.3 and < V6.30.016
Create a notification for this product.
Siemens Nucleus NET Affected: All versions
Create a notification for this product.
Siemens Nucleus ReadyStart V3 Affected: All versions < V2017.02.4
Create a notification for this product.
Siemens Nucleus Source Code Affected: All versions
Create a notification for this product.
Siemens TALON TC Compact (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Siemens TALON TC Modular (BACnet) Affected: All versions < V3.5.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APOGEE MBC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MBC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE MEC (PPC) (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Compact (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "APOGEE PXC Modular (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.19"
            }
          ]
        },
        {
          "product": "Capital VSTAR",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions with enabled Ethernet options"
            }
          ]
        },
        {
          "product": "Desigo PXC00-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC00-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC001-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC100-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC12-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC128-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC200-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC22.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC36.1-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC50-E.D",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXC64-U",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Desigo PXM20-E",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003e= V2.3 and \u003c V6.30.016"
            }
          ]
        },
        {
          "product": "Nucleus NET",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Nucleus ReadyStart V3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2017.02.4"
            }
          ]
        },
        {
          "product": "Nucleus Source Code",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "TALON TC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        },
        {
          "product": "TALON TC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170: Improper Null Termination",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-10T09:46:33.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-31884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "APOGEE MBC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MBC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE MEC (PPC) (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Compact (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "APOGEE PXC Modular (P2 Ethernet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.8.19"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Capital VSTAR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions with enabled Ethernet options"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC00-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC001-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC100-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC12-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC128-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC200-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC22.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC36.1-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC50-E.D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXC64-U",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Desigo PXM20-E",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus NET",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus ReadyStart V3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2017.02.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Nucleus Source Code",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Compact (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "TALON TC Modular (BACnet)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V3.5.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170: Improper Null Termination"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31884",
    "datePublished": "2021-11-09T11:31:57.000Z",
    "dateReserved": "2021-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:10:30.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22931 (GCVE-0-2021-22931)

Vulnerability from cvelistv5 – Published: 2021-08-16 00:00 – Updated: 2025-04-30 22:24
VLAI
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-170 - Improper Null Termination (CWE-170)
Assigner
Impacted products
Vendor Product Version
NodeJS Node Affected: 4.0 , < 4.* (semver)
Affected: 5.0 , < 5.* (semver)
Affected: 6.0 , < 6.* (semver)
Affected: 7.0 , < 7.* (semver)
Affected: 8.0 , < 8.* (semver)
Affected: 9.0 , < 9.* (semver)
Affected: 10.0 , < 10.* (semver)
Affected: 11.0 , < 11.* (semver)
Affected: 12.0 , < 12.22.5 (semver)
Affected: 13.0 , < 13.* (semver)
Affected: 14.0 , < 14.17.5 (semver)
Affected: 15.0 , < 15.* (semver)
Affected: 16.0 , < 16.6.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:25.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1178337"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "GLSA-202401-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-22931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-11T21:01:01.127709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T21:43:52.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.22.5",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.17.5",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.6.2",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "Improper Null Termination (CWE-170)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:24:34.672Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
        },
        {
          "url": "https://hackerone.com/reports/1178337"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "GLSA-202401-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-02"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22931",
    "datePublished": "2021-08-16T00:00:00.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2025-04-30T22:24:34.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1471 (GCVE-0-2021-1471)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:07 – Updated: 2024-11-08 23:33
VLAI
Title
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Jabber Affected: n/a
Create a notification for this product.
Date Public
2021-03-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:19:44.044602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:33:43.641Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Jabber",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:07:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
        "defect": [
          [
            "CSCvw96073",
            "CSCvw96075",
            "CSCvw96079",
            "CSCvx36433",
            "CSCvx43270"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1471",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Jabber",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
          "defect": [
            [
              "CSCvw96073",
              "CSCvw96075",
              "CSCvw96079",
              "CSCvx36433",
              "CSCvx43270"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1471",
    "datePublished": "2021-03-24T20:07:00.596Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:33:43.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1469 (GCVE-0-2021-1469)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:06 – Updated: 2024-11-08 23:33
VLAI
Title
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Jabber Affected: n/a
Create a notification for this product.
Date Public
2021-03-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:19:45.677850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:33:52.813Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Jabber",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:06:55.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
        "defect": [
          [
            "CSCvw96073",
            "CSCvw96075",
            "CSCvw96079",
            "CSCvx36433",
            "CSCvx43270"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1469",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Jabber",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
          "defect": [
            [
              "CSCvw96073",
              "CSCvw96075",
              "CSCvw96079",
              "CSCvx36433",
              "CSCvx43270"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1469",
    "datePublished": "2021-03-24T20:06:55.446Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:33:52.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1418 (GCVE-0-2021-1418)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:20 – Updated: 2024-11-08 23:30
VLAI
Title
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Jabber Affected: n/a
Create a notification for this product.
Date Public
2021-03-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1418",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:19:12.575892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:30:38.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Jabber",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:20:34.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
        "defect": [
          [
            "CSCvw96073",
            "CSCvw96075",
            "CSCvw96079",
            "CSCvx36433",
            "CSCvx43270"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1418",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Jabber",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
          "defect": [
            [
              "CSCvw96073",
              "CSCvw96075",
              "CSCvw96079",
              "CSCvx36433",
              "CSCvx43270"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1418",
    "datePublished": "2021-03-24T20:20:34.669Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:30:38.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1417 (GCVE-0-2021-1417)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:20 – Updated: 2024-11-08 23:30
VLAI
Title
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Jabber Affected: n/a
Create a notification for this product.
Date Public
2021-03-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:16.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:19:20.259983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:30:47.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Jabber",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:20:30.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
        "defect": [
          [
            "CSCvw96073",
            "CSCvw96075",
            "CSCvw96079",
            "CSCvx36433",
            "CSCvx43270"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1417",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Jabber",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
          "defect": [
            [
              "CSCvw96073",
              "CSCvw96075",
              "CSCvw96079",
              "CSCvx36433",
              "CSCvx43270"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1417",
    "datePublished": "2021-03-24T20:20:30.224Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:30:47.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1411 (GCVE-0-2021-1411)

Vulnerability from cvelistv5 – Published: 2021-03-24 20:20 – Updated: 2024-11-08 23:30
VLAI
Title
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco Jabber Affected: n/a
Create a notification for this product.
Date Public
2021-03-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1411",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:19:26.573976Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:30:58.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Jabber",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-03-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-24T20:20:25.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
        "defect": [
          [
            "CSCvw96073",
            "CSCvw96075",
            "CSCvw96079",
            "CSCvx36433",
            "CSCvx43270"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-03-24T16:00:00",
          "ID": "CVE-2021-1411",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Jabber Desktop and Mobile Client Software Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Jabber",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-170"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210324 Cisco Jabber Desktop and Mobile Client Software Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-jabber-PWrTATTC"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cisco-jabber-PWrTATTC",
          "defect": [
            [
              "CSCvw96073",
              "CSCvw96075",
              "CSCvw96079",
              "CSCvx36433",
              "CSCvx43270"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1411",
    "datePublished": "2021-03-24T20:20:25.403Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-08T23:30:58.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Requirements

Use a language that is not susceptible to these issues. However, be careful of null byte interaction errors (CWE-626) with lower-level constructs that may be written in a language that is susceptible.

Mitigation
Implementation

Ensure that all string functions used are understood fully as to how they append null characters. Also, be wary of off-by-one errors when appending nulls to the end of strings.

Mitigation
Implementation

If performance constraints permit, special code can be added that validates null-termination of string buffers, this is a rather naive and error-prone solution.

Mitigation
Implementation

Switch to bounded string manipulation functions. Inspect buffer lengths involved in the buffer overrun trace reported with the defect.

Mitigation
Implementation

Add code that fills buffers with nulls (however, the length of buffers still needs to be inspected, to ensure that the non null-terminated string is not written at the physical end of the buffer).

No CAPEC attack patterns related to this CWE.