Denial of service in Siemens Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products



Published: 2022-10-13
Risk Medium
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2022-38371
CWE-ID CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Desigo PXM20-E
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC200-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC128-U
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC100-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC64-U
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC50-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC36.1-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC22.1-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC22-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC12-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC001-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC00-U
Hardware solutions / Routers & switches, VoIP, GSM, etc

Desigo PXC00-E.D
Hardware solutions / Routers & switches, VoIP, GSM, etc

APOGEE MEC (PPC) (P2 Ethernet)
Hardware solutions / Other hardware appliances

APOGEE MEC (PPC) (BACnet)
Hardware solutions / Other hardware appliances

APOGEE MBC (PPC) (P2 Ethernet)
Hardware solutions / Other hardware appliances

APOGEE MBC (PPC) (BACnet)
Hardware solutions / Other hardware appliances

TALON TC Modular (BACnet)
Hardware solutions / Other hardware appliances

TALON TC Compact (BACnet)
Hardware solutions / Other hardware appliances

APOGEE PXC Modular (P2 Ethernet)
Hardware solutions / Other hardware appliances

APOGEE PXC Modular (BACnet)
Hardware solutions / Other hardware appliances

APOGEE PXC Compact (P2 Ethernet)
Hardware solutions / Other hardware appliances

APOGEE PXC Compact (BACnet)
Hardware solutions / Other hardware appliances

Vendor Siemens

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU68283

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2022-38371

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the FTP server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Desigo PXM20-E: 2.3

Desigo PXC200-E.D: 2.3

Desigo PXC128-U: 2.3

Desigo PXC100-E.D: 2.3

Desigo PXC64-U: 2.3

Desigo PXC50-E.D: 2.3

Desigo PXC36.1-E.D: 2.3

Desigo PXC22.1-E.D: 2.3

Desigo PXC22-E.D: 2.3

Desigo PXC12-E.D: 2.3

Desigo PXC001-E.D: 2.3

Desigo PXC00-U: 2.3

Desigo PXC00-E.D: 2.3

APOGEE MEC (PPC) (P2 Ethernet): All versions

APOGEE MEC (PPC) (BACnet): All versions

APOGEE MBC (PPC) (P2 Ethernet): All versions

APOGEE MBC (PPC) (BACnet): All versions

TALON TC Modular (BACnet): All versions

TALON TC Compact (BACnet): All versions

APOGEE PXC Modular (P2 Ethernet): All versions

APOGEE PXC Modular (BACnet): All versions

APOGEE PXC Compact (P2 Ethernet): All versions

APOGEE PXC Compact (BACnet): All versions

External links

http://cert-portal.siemens.com/productcert/txt/ssa-935500.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###