github - ghsa-59qg-qcpj-8hf9

ghsa-59qg-qcpj-8hf9

Vulnerability from github

Published

2022-10-11 12:00

Modified

2024-05-14 18:30

Severity

7.5 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-38371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-11T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions), Nucleus Source Code (Versions including affected FTP server). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.",
  "id": "GHSA-59qg-qcpj-8hf9",
  "modified": "2024-05-14T18:30:33Z",
  "published": "2022-10-11T12:00:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38371"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-313313.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-935500.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2022-38371

Vulnerability from cvelistv5

Published

2022-10-11 00:00

Modified

2024-09-17 13:53

Severity

7.5 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

References

URL	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf
https://cert-portal.siemens.com/productcert/html/ssa-935500.html
https://cert-portal.siemens.com/productcert/html/ssa-313313.html

Impacted products

Vendor	Product
Siemens	APOGEE MBC (PPC) (BACnet)
Siemens	APOGEE MBC (PPC) (P2 Ethernet)
Siemens	APOGEE MEC (PPC) (BACnet)
Siemens	APOGEE MEC (PPC) (P2 Ethernet)
Siemens	APOGEE PXC Compact (BACnet)
Siemens	APOGEE PXC Compact (P2 Ethernet)
Siemens	APOGEE PXC Modular (BACnet)
Siemens	APOGEE PXC Modular (P2 Ethernet)
Siemens	Desigo PXC00-E.D
Siemens	Desigo PXC00-U
Siemens	Desigo PXC001-E.D
Siemens	Desigo PXC100-E.D
Siemens	Desigo PXC12-E.D
Siemens	Desigo PXC128-U
Siemens	Desigo PXC200-E.D
Siemens	Desigo PXC22-E.D
Siemens	Desigo PXC22.1-E.D
Siemens	Desigo PXC36.1-E.D
Siemens	Desigo PXC50-E.D
Siemens	Desigo PXC64-U
Siemens	Desigo PXM20-E
Siemens	Nucleus NET for Nucleus PLUS V1
Siemens	Nucleus NET for Nucleus PLUS V2
Siemens	Nucleus ReadyStart V3 V2012
Siemens	Nucleus ReadyStart V3 V2017
Siemens	Nucleus Source Code
Siemens	TALON TC Compact (BACnet)
Siemens	TALON TC Modular (BACnet)

Show details on NVD website