Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.NUCLEUS_FTP_MULTIPLE_VULNS.NBIN
HistoryNov 11, 2021 - 12:00 a.m.

Nucleus FTP Server Multiple Vulnerabilities (NUCLEUS:13)

2021-11-1100:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

A FTP server running on the remote host is possibly affected by multiple vulnerabilities :

  • FTP server does not properly validate the length of the USER command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
    (CVE-2021-31886)

  • FTP server does not properly validate the length of the PWD/XPWD command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
    (CVE-2021-31887)

  • FTP server does not properly validate the length of the MKD/XMKD command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
    (CVE-2021-31888)

Note that Nessus reports these vulnerabilities based on the presence of the Nucleus FTP server. These vulnerabilities might have been mitigated.

Binary data nucleus_ftp_multiple_vulns.nbin
VendorProductVersionCPE
nucleus_netnucleus_netx-cpe:/a:nucleus_net:nucleus_net

Related

thn 2
nessus 13
cnvd 3
prion 3
cve 3
f5 1
ics 2
malwarebytes 1
thn
thn
13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment
2021-11-10 10:11:00
Researchers Warn of Critical Security Bugs in Schneider Electric Modicon PLCs
2023-02-16 13:18:00
nessus
nessus
Siemens Nucleus RTOS-based APOGEE and TALON Products Buffer Access with Incorrect Length Value (CVE-2021-31885)
2022-02-07 00:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2021-31883)
2022-02-07 00:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products Out-of-Bounds Read (CVE-2021-31881)
2022-02-07 00:00:00
cnvd
cnvd
Incorrect Zero Termination Vulnerability in Multiple Siemens Products (CNVD-2021-89436)
2021-11-11 00:00:00
Incorrect Zero Termination Vulnerability in Multiple Siemens Products (CNVD-2021-89437)
2021-11-11 00:00:00
Incorrect Zero Termination Vulnerability in Multiple Siemens Products (CNVD-2021-89438)
2021-11-11 00:00:00
prion
prion
Stack overflow
2021-11-09 12:15:00
Stack overflow
2021-11-09 12:15:00
Stack overflow
2021-11-09 12:15:00
cve
cve
CVE-2021-31886
2021-11-09 12:15:00
CVE-2021-31888
2021-11-09 12:15:00
CVE-2021-31887
2021-11-09 12:15:00
f5
f5
K000135330 : Multiple Nucleus TCP/IP stack vulnerabilities
2023-06-30 00:00:00
ics
ics
Siemens Nucleus RTOS TCP/IP Stack
2021-11-17 12:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
2022-05-12 12:00:00
malwarebytes
malwarebytes
[updated] Patch now! Microsoft plugs actively exploited zero-days and other updates
2021-11-10 14:30:23
JSON
Related for NUCLEUS_FTP_MULTIPLE_VULNS.NBIN
thn2nessus13cnvd3prion3cve3f51ics2malwarebytes1