Main Vulnerability Database Vulnerabilities #VU58086

#VU58086 Improper Null Termination in Siemens products - CVE-2021-31886

Published: November 10, 2021

Vulnerability identifier: #VU58086

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-31886

CWE-ID: CWE-170

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Nucleus NET
Nucleus Source Code
Capital VSTAR
Nucleus ReadyStart

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper null termination when the FTP server does not properly validate the length of the “USER” command. A remote attacker can execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf

#VU58086 Improper Null Termination in Siemens products - CVE-2021-31886

Description

Remediation

External links

Please verify you're human