CVE-2021-31346

Summary

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)

Affected Software

VendorProductVersion RangeStatus
SiemensCapital Embedded AR Classic 431-4220 < *affected
SiemensCapital Embedded AR Classic R20-110 < V2303affected
SiemensPLUSCONTROL 1st GenAll versionsaffected
SiemensSIMOTICS CONNECT 400All versions < V0.5.0.0affected
SiemensSIMOTICS CONNECT 400All versions < V1.0.0.0affected

Weaknesses

  • CWE-1284: CWE-1284: Improper Validation of Specified Quantity in Input

ADP Enrichment

CVE Program Container

Additional References

References