Multiple vulnerabilities in Siemens PLUSCONTROL 1st Gen
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2021-31344 CVE-2021-31345 CVE-2021-31346 CVE-2021-31885 CVE-2021-31889 CVE-2021-31890 |
| CWE-ID | CWE-843 CWE-20 CWE-125 CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
PLUSCONTROL 1st Gen Other software / Other software solutions |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Type Confusion
EUVDB-ID: #VU58078
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31344
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to a type confusion error within ICMP echo packets with fake IP options. A remote attacker can send specially crafted ICMP echo reply messages to arbitrary hosts on the network.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPLUSCONTROL 1st Gen: All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-845392.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU58079
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31345
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the total length of an UDP payload (set in the IP header) is unchecked. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPLUSCONTROL 1st Gen: All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-845392.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU58080
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31346
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the total length of an UDP payload (set in the IP header) is unchecked. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack or gain access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPLUSCONTROL 1st Gen: All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-845392.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU58085
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31885
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can send specially crafted TFTP commands, trigger out-of-bounds read error and read contents of memory on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPLUSCONTROL 1st Gen: All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-845392.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU58089
Risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31889
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow. A remote attacker can send a specially crafted TCP packet, trigger integer overflow and cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPLUSCONTROL 1st Gen: All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-845392.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU58090
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2021-31890
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the total length of a TCP payload (set in the IP header) is unchecked. A remote attacker can cause a denial of service condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPLUSCONTROL 1st Gen: All versions
External linkshttp://cert-portal.siemens.com/productcert/txt/ssa-845392.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
