CVE-2021-31345
Last modified
CVE-2021-31345 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. EPSS estimates a 1.58% chance of exploitation in the next 30 days.
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Capital Vstar | All versions |
| Siemens | Nucleus Net | All versions |
| Siemens | Nucleus Readystart V3 | < 2014.12 |
| Siemens | Nucleus Source Code | All versions |
| Siemens | Apogee Modular Building Controller Firmware | All versions |
| Siemens | Apogee Modular Equiment Controller Firmware | All versions |
| Siemens | Apogee Pxc Compact Firmware | All versions |
| Siemens | Apogee Pxc Modular Firmware | All versions |
| Siemens | Talon Tc Compact Firmware | All versions |
| Siemens | Talon Tc Modular Firmware | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-31345?
How severe is CVE-2021-31345?
How do I fix CVE-2021-31345?
Are you affected by CVE-2021-31345?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST