cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-31890,https://securityvulnerability.io/vulnerability/CVE-2021-31890,,"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)",Siemens,"Capital Embedded Ar Classic 431-422,Capital Embedded Ar Classic R20-11,Pluscontrol 1st Gen,Simotics Connect 400",9.1,CRITICAL,0.012029999867081642,false,,false,false,false,,false,false,2021-11-09T11:32:02.000Z,0
CVE-2021-31889,https://securityvulnerability.io/vulnerability/CVE-2021-31889,,"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)",Siemens,"Capital Embedded Ar Classic 431-422,Capital Embedded Ar Classic R20-11,Pluscontrol 1st Gen,Simotics Connect 400",9.1,CRITICAL,0.012029999867081642,false,,false,false,false,,false,false,2021-11-09T11:32:01.000Z,0
CVE-2021-31885,https://securityvulnerability.io/vulnerability/CVE-2021-31885,,"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Pluscontrol 1st Gen,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",7.5,HIGH,0.0011899999808520079,false,,false,false,false,,false,false,2021-11-09T11:31:58.000Z,0
CVE-2021-31346,https://securityvulnerability.io/vulnerability/CVE-2021-31346,,"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)",Siemens,"Capital Embedded Ar Classic 431-422,Capital Embedded Ar Classic R20-11,Pluscontrol 1st Gen,Simotics Connect 400",9.1,CRITICAL,0.012029999867081642,false,,false,false,false,,false,false,2021-11-09T11:31:53.000Z,0
CVE-2021-31345,https://securityvulnerability.io/vulnerability/CVE-2021-31345,,"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)",Siemens,"Capital Embedded Ar Classic 431-422,Capital Embedded Ar Classic R20-11,Pluscontrol 1st Gen",9.1,CRITICAL,0.011219999752938747,false,,false,false,false,,false,false,2021-11-09T11:31:52.000Z,0
CVE-2021-31344,https://securityvulnerability.io/vulnerability/CVE-2021-31344,,"A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",Siemens,"Capital Embedded Ar Classic 431-422,Capital Embedded Ar Classic R20-11,Pluscontrol 1st Gen,Simotics Connect 400",5.3,MEDIUM,0.005319999996572733,false,,false,false,false,,false,false,2021-11-09T11:31:51.000Z,0
CVE-2020-28388,https://securityvulnerability.io/vulnerability/CVE-2020-28388,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Pluscontrol 1st Gen,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",6.5,MEDIUM,0.002589999930933118,false,,false,false,false,,false,false,2021-02-09T00:00:00.000Z,0