CVE-2021-31346

CVSS 8.2 HIGHEPSS 1.9%CWE-1284

In short

A flaw in several industrial devices fails to validate the size of ICMP network packets, allowing attackers to send specially crafted packets that can leak sensitive information or crash the system.

Technical detail

The vulnerability exists in ICMP payload length validation at the IP header level across multiple Siemens industrial products. An unauthenticated attacker can send malformed ICMP packets with unchecked payload sizes to trigger memory buffer issues, resulting in information disclosure or denial-of-service depending on memory layout.

Summary generated and translated by AI from the official description.

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected products

Siemens · Capital Embedded AR Classic 431-422 Siemens · Capital Embedded AR Classic R20-11 Siemens · PLUSCONTROL 1st Gen Siemens · SIMOTICS CONNECT 400

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References