Multiple vulnerabilities in Siemens APOGEE and TALON Products
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2021-31344 CVE-2021-31345 CVE-2021-31346 CVE-2021-31881 CVE-2021-31882 CVE-2021-31883 CVE-2021-31884 CVE-2021-31885 CVE-2021-31886 CVE-2021-31887 CVE-2021-31888 CVE-2021-31889 CVE-2021-31890 |
| CWE-ID | CWE-843 CWE-20 CWE-125 CWE-119 CWE-170 CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
APOGEE MEC (PPC) (P2 Ethernet) Hardware solutions / Other hardware appliances APOGEE MEC (PPC) (BACnet) Hardware solutions / Other hardware appliances APOGEE MBC (PPC) (P2 Ethernet) Hardware solutions / Other hardware appliances APOGEE MBC (PPC) (BACnet) Hardware solutions / Other hardware appliances TALON TC Modular (BACnet) Hardware solutions / Other hardware appliances TALON TC Compact (BACnet) Hardware solutions / Other hardware appliances APOGEE PXC Modular (P2 Ethernet) Hardware solutions / Other hardware appliances APOGEE PXC Modular (BACnet) Hardware solutions / Other hardware appliances APOGEE PXC Compact (P2 Ethernet) Hardware solutions / Other hardware appliances APOGEE PXC Compact (BACnet) Hardware solutions / Other hardware appliances |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Type Confusion
EUVDB-ID: #VU58078
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31344
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to a type confusion error within ICMP echo packets with fake IP options. A remote attacker can send specially crafted ICMP echo reply messages to arbitrary hosts on the network.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU58079
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31345
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the total length of an UDP payload (set in the IP header) is unchecked. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU58080
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31346
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the total length of an UDP payload (set in the IP header) is unchecked. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU58081
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31881
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker on the local network can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU58082
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31882
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the DHCP client application when processing DHCP ACK packets. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU58083
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the DHCP client application when processing a DHCP ACK message. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system or gain access to sensitive information.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Null Termination
EUVDB-ID: #VU58084
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31884
CWE-ID:
CWE-170 - Improper Null Termination
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to the DHCP client application assumes the data supplied with the “hostname” DHCP option NULL is terminated. A remote attacker on the local network can execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU58085
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31885
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can send specially crafted TFTP commands, trigger out-of-bounds read error and read contents of memory on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Null Termination
EUVDB-ID: #VU58086
Risk: High
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31886
CWE-ID:
CWE-170 - Improper Null Termination
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “USER” command. A remote attacker can execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Null Termination
EUVDB-ID: #VU58087
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31887
CWE-ID:
CWE-170 - Improper Null Termination
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “PWD/XPWD” command. A remote authenticated attacker can execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper Null Termination
EUVDB-ID: #VU58088
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31888
CWE-ID:
CWE-170 - Improper Null Termination
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “MKD/XMKD” command. A remote authenticated attacker can execute arbitrary code on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Integer overflow
EUVDB-ID: #VU58089
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31889
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send a specially crafted TCP packet, trigger integer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU58090
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31890
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the total length of a TCP payload (set in the IP header) is unchecked. A remote attacker can cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsAPOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MBC (PPC) (BACnet): All versions
TALON TC Modular (BACnet): All versions
TALON TC Compact (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-114589.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
