SB2021111002 - Multiple vulnerabilities in Siemens Nucleus RTOS TCP/IP Stack

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021111002

SB2021111002 - Multiple vulnerabilities in Siemens Nucleus RTOS TCP/IP Stack

Published: November 10, 2021

Security Bulletin ID SB2021111002
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 31% Medium 62% Low 8%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Type Confusion (CVE-ID: CVE-2021-31344)

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to a type confusion error within ICMP echo packets with fake IP options. A remote attacker can send specially crafted ICMP echo reply messages to arbitrary hosts on the network.


2) Input validation error (CVE-ID: CVE-2021-31345)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the total length of an UDP payload (set in the IP header) is unchecked. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information on the system.


3) Input validation error (CVE-ID: CVE-2021-31346)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the total length of an UDP payload (set in the IP header) is unchecked. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information on the system.


4) Out-of-bounds read (CVE-ID: CVE-2021-31881)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker on the local network can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition.


5) Buffer overflow (CVE-ID: CVE-2021-31882)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the DHCP client application when processing DHCP ACK packets. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.


6) Buffer overflow (CVE-ID: CVE-2021-31883)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the DHCP client application when processing a DHCP ACK message. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system or gain access to sensitive information.


7) Improper Null Termination (CVE-ID: CVE-2021-31884)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to the DHCP client application assumes the data supplied with the “hostname” DHCP option NULL is terminated. A remote attacker on the local network can execute arbitrary code on the target system.


8) Out-of-bounds read (CVE-ID: CVE-2021-31885)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote attacker can send specially crafted TFTP commands, trigger out-of-bounds read error and read contents of memory on the system.


9) Improper Null Termination (CVE-ID: CVE-2021-31886)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “USER” command. A remote attacker can execute arbitrary code on the target system.


10) Improper Null Termination (CVE-ID: CVE-2021-31887)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “PWD/XPWD” command. A remote authenticated attacker can execute arbitrary code on the target system.


11) Improper Null Termination (CVE-ID: CVE-2021-31888)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “MKD/XMKD” command. A remote authenticated attacker can execute arbitrary code on the target system.


12) Integer overflow (CVE-ID: CVE-2021-31889)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can send a specially crafted TCP packet, trigger integer overflow and cause a denial of service condition on the target system.


13) Input validation error (CVE-ID: CVE-2021-31890)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the total length of a TCP payload (set in the IP header) is unchecked. A remote attacker can cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References