cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-38371,https://securityvulnerability.io/vulnerability/CVE-2022-38371,Denial of Service Vulnerability in Siemens APOGEE and Desigo Products,"A vulnerability has been discovered in various Siemens products, specifically affecting the FTP server's ability to manage memory resources. This flaw can be exploited by remote attackers to create a denial of service condition by leaving incomplete connection attempts, which prevents the server from successfully releasing memory. As a result, devices running these vulnerable versions may become unresponsive. Users are encouraged to review the affected product versions and apply appropriate mitigations.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net For Nucleus Plus V1,Nucleus Net For Nucleus Plus V2,Nucleus Readystart V3 V2012,Nucleus Readystart V3 V2017,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",7.5,HIGH,0.0035600000992417336,false,,false,false,false,,,false,false,,2022-10-11T00:00:00.000Z,0
CVE-2021-31887,https://securityvulnerability.io/vulnerability/CVE-2021-31887,Buffer Overflow Vulnerability in Siemens APOGEE and Desigo Products,"A vulnerability exists in various Siemens APOGEE and Desigo products due to improper validation of the 'PWD/XPWD' command length on the FTP server. This flaw can cause stack-based buffer overflows, potentially allowing attackers to execute arbitrary code or cause Denial-of-Service conditions, compromising the integrity and availability of the affected systems.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",8.8,HIGH,0.0028800000436604023,false,,false,false,false,,,false,false,,2021-11-09T11:32:00.000Z,0
CVE-2021-31888,https://securityvulnerability.io/vulnerability/CVE-2021-31888,Stack-based Buffer Overflow in Siemens APOGEE and Desigo Products,"A vulnerability has been detected in Siemens APOGEE and Desigo products, where the FTP server fails to validate the length of the 'MKD/XMKD' command appropriately. This mismanagement can lead to stack-based buffer overflows, potentially resulting in Denial-of-Service conditions as well as enabling Remote Code Execution exploits. It affects a wide range of versions across various models, necessitating immediate attention to mitigate possible risks.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",8.8,HIGH,0.003000000026077032,false,,false,false,false,,,false,false,,2021-11-09T11:32:00.000Z,0
CVE-2021-31886,https://securityvulnerability.io/vulnerability/CVE-2021-31886,Stack-Based Buffer Overflow in Siemens APOGEE and Desigo Products,"A vulnerability exists in Siemens APOGEE and Desigo products due to improper validation of the length of the 'USER' command in the FTP server. This oversight can lead to stack-based buffer overflows, potentially resulting in Denial-of-Service conditions and allowing remote code execution. Affected versions include various models of the APOGEE MBC, MEC, PXC, and Desigo, which could expose systems to significant risks if exploited.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",9.8,CRITICAL,0.012179999612271786,false,,false,false,false,,,false,false,,2021-11-09T11:31:59.000Z,0
CVE-2021-31885,https://securityvulnerability.io/vulnerability/CVE-2021-31885,TFTP Memory Buffer Reading Vulnerability in APOGEE and Desigo Products by Siemens,"A vulnerability exists in various Siemens products where the TFTP server application can be exploited via malformed TFTP commands, allowing unauthorized reading of the contents in the TFTP memory buffer. This issue affects a wide range of products including the APOGEE and Desigo series, posing risks to system integrity and data confidentiality.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Pluscontrol 1st Gen,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",7.5,HIGH,0.0011899999808520079,false,,false,false,false,,,false,false,,2021-11-09T11:31:58.000Z,0
CVE-2021-31884,https://securityvulnerability.io/vulnerability/CVE-2021-31884,Out-of-Bounds Read and Write Vulnerability in Siemens APOGEE and Desigo Products,"A flaw in various Siemens products allows for out-of-bounds read and write operations due to improper handling of the 'Hostname' DHCP option. This vulnerability can lead to potential information leakage and denial-of-service conditions when the global hostname variable is not defined. Attackers exploiting this vulnerability may gain unauthorized access or disrupt service, affecting operational continuity.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Capital Vstar,Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",9.8,CRITICAL,0.003530000103637576,false,,false,false,false,,,false,false,,2021-11-09T11:31:57.000Z,0
CVE-2021-27391,https://securityvulnerability.io/vulnerability/CVE-2021-27391,Buffer Overflow in APOGEE and TALON Devices by Siemens,"A buffer overflow vulnerability exists in Siemens' APOGEE and TALON devices due to inadequate bounds checking of the Host parameter in HTTP requests. This weakness allows unauthenticated remote attackers to potentially execute arbitrary code with root privileges, putting critical systems at risk. Proper mitigations and updates are essential to safeguard against such exploits.",Siemens,"Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",9.8,CRITICAL,0.007899999618530273,false,,false,false,false,,,false,false,,2021-09-14T10:47:31.000Z,0