K70746705: Multiple NAME:WRECK vulnerabilities

Security Advisory Description CVE-2020-7461 In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient8 fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap...

The vulnerability of FTP servers for microprogrammed software controllers such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus allows a hacker to cause service failures or execute arbitrary codes.

The vulnerability of the FTP servers of the microprogrammed control devices CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors during the verification of the USER command’s length. Exploiting this vulnerability can allow a remote...

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus relates to errors in processing TCP packet headers. This vulnerability allows attackers to gain access to protected information or cause service interruptions.

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors in processing the TCP header. Exploiting this vulnerability can allow an attacker to gain access to protected informatio...

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus relates to errors in processing UDP packet headers. This vulnerability allows an attacker to gain access to protected information or cause a service failure.

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors in processing the UDP packet header. Exploiting this vulnerability can allow an attacker to gain access to protected...

The vulnerability of FTP servers for microprogrammed software controllers such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability of FTP servers for microprogrammed control devices such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors during the verification of the MKD/XMKD command length. Exploiting this vulnerability can allow an attack...

The vulnerability of FTP servers for microprogrammed software controllers such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus allows a hacker to cause service failures or execute arbitrary codes.

The vulnerability of the FTP servers of the microprogrammed control devices CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors during the verification of the PWD/XPWD command length. Exploiting this vulnerability can allow an attacke...

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus relates to errors in processing SACK TCP packets. This vulnerability allows an attacker to gain access to protected information or cause service interruptions.

The vulnerability of microprogrammed software for controllers CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors in processing SACK TCP packets. Exploiting this vulnerability can allow a remote attacker to gain access to protected...

Siemens Capital VSTAR

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely / Low attack complexity Vendor: Siemens Equipment: Capital VSTAR Vulnerabilities: Access of Resource Using Incompatible Type, Improper Validation of Specified Quantity in Input, Out-of-Bounds Read, Improper Restriction of Operations...

CVE-2021-31884

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

CVE-2021-31882

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. The DHCP client application does not validate the length of the Domain Name Server IP options 0x06 when processing DHCP ACK packets. This may lead to...

CVE-2021-31890

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of an TCP...

CVE-2021-31883

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303. When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor options, leading to Denial-of-Service...

Design/Logic Flaw

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

CVE-2021-31883

CVE-2021-31883 affects Siemens APOGEE MBC / TALON products (Nucleus RTOS) including APOGEE MBC (PPC/BACnet), APOGEE MEC, APOGEE PXC Compact/Modular, Desigo PXC variants, and Capital VSTAR with Ethernet options. Root cause: DHCP client processing fails to validate the length of Vendor option(s) in...

CVE-2021-31882

CVE-2021-31882 affects Siemens APOGEE MBC/TALON/Nucleus products (e.g., Capital Embedded AR Classic 431-422 family and AR Classic R20-11, affected “All versions” in some entries). The root cause is that the DHCP client does not validate the length of the Domain Name Server IP option (0x06) when p...

CVE-2021-31345

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions. The total length of an UDP payload set in the IP header is unchecked. This may lead to various side effects, including...

CVE-2021-31345

CVE-2021-31345 affects Siemens Nucleus NET-based products (Capital Embedded AR Classic, CAPITAL VSTAR/PLUSCONTROL) with an unchecked UDP payload length in the IP header. Root cause: UDP payload length is not validated, enabling information leaks and potential denial-of-service depending on the us...

PT-2021-19564 · Unknown · Nucleus Readystart V3 +9

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 APOGEE MBC PPC BACnet all versions APOGEE MBC PPC P2 Ethernet all versions APOGEE MEC PPC BACnet all versions APOGEE MEC PP...

PT-2021-6896 · Unknown +1 · Nucleus Source Code +10

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions all APOGEE MBC versions all APOGEE MEC versions all APOGEE PXC versions all TALON TC versions all Nucleus...

PT-2021-6895 · Mentor Graphics +1 · Nucleus Net +9

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions prior to the fixed version SIMOTICS CONNECT 400 versions prior to V0.5.0.0 SIMOTICS CONNECT 40...