CVE-2021-31345
HIGH
Capital Embedded AR Classic - Denial of Service via UDP Payload Length Mismatch
Title source: llm
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the user-defined application that runs on top of the UDP protocol. (FSMD-2021-0006)
References (8)
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-044112.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-114589.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-620288.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-845392.html
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf
Scores
CVSS v3
7.5
EPSS
0.0158
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-1284
Status
published
Products (10)
siemens/apogee_modular_building_controller_firmware
siemens/apogee_modular_equiment_controller_firmware
siemens/apogee_pxc_compact_firmware
siemens/apogee_pxc_modular_firmware
siemens/capital_vstar
siemens/nucleus_net
siemens/nucleus_readystart_v3
< 2014.12
siemens/nucleus_source_code
siemens/talon_tc_compact_firmware
siemens/talon_tc_modular_firmware
Published
Nov 09, 2021
Tracked Since
Feb 18, 2026