BDU:2022-02449 Critical
BDU
Data Bank of Information Security Threats
BDU FSTEC is the authoritative Russian source of vulnerability information, covering both international CVEs relevant to domestic software and unique Russian-disclosed issues. Entries contain severity, affected product lists (in Russian), and mitigation recommendations.
Region
RU
Updates
1 h
License
Open data
Russian federal catalog of vulnerabilities and threats maintained by FSTEC. Required for compliance with Russian information security regulations (Order No. 17, Order No. 21).
https://bdu.fstec.ru
Vulnerability in the firmware of the CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC controllers and the operating system Nu…
CVSS
9.1
Critical
EPSS
0.00
p0
Published
2022-01-01
Updated
2022-01-01
Description
The vulnerability in the firmware of the CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC and TALON TC controllers and in the Nucleus operating system is caused by errors in processing the TCP packet header. Exploitation may allow a remote attacker to gain access to protected information or cause a denial of service.
Tags · CWE
Pre-auth
Affected products
Siemens ag Apogee mbc (ppc) (bacnet)
Siemens ag Apogee mbc (ppc) (p2 ethernet):
Siemens ag Apogee mec (ppc) (bacnet)
Siemens ag Apogee mec (ppc) (p2 ethernet)
Siemens ag Apogee pxc compact (bacnet)
Siemens ag Apogee pxc compact (p2 ethernet)
Siemens ag Apogee pxc modular (bacnet)
Siemens ag Apogee pxc modular (p2 ethernet)
Siemens ag Nucleus net
Siemens ag Nucleus readystart v3
Siemens ag Nucleus readystart v4
Siemens ag Nucleus source code
Siemens ag Talon tc compact (bacnet)
Siemens ag Talon tc modular (bacnet)
Siemens ag Vstar
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
| Metric | Value | Rating |
|---|---|---|
| Attack Vector | AV: N | Network (N) |
| Attack Complexity | AC: L | Low (L) |
| Privileges Required | PR: N | None (N) |
| User Interaction | UI: N | None (N) |
| Scope | S: U | Unchanged (U) |
| Confidentiality Impact | C: H | High (H) |
| Integrity Impact | I: N | None (N) |
| Availability Impact | A: H | High (H) |
Exploit indicators
EPSS
0.000 · p0
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
| Product | Vendor | Status |
|---|---|---|
| apogee mbc (ppc) (bacnet) | siemens ag | Tracked |
| apogee mbc (ppc) (p2 ethernet): | siemens ag | Tracked |
| apogee mec (ppc) (bacnet) | siemens ag | Tracked |
| apogee mec (ppc) (p2 ethernet) | siemens ag | Tracked |
| apogee pxc compact (bacnet) | siemens ag | Tracked |
| apogee pxc compact (p2 ethernet) | siemens ag | Tracked |
| apogee pxc modular (bacnet) | siemens ag | Tracked |
| apogee pxc modular (p2 ethernet) | siemens ag | Tracked |
| nucleus net | siemens ag | Tracked |
| nucleus readystart v3 | siemens ag | Tracked |
| nucleus readystart v4 | siemens ag | Tracked |
| nucleus source code | siemens ag | Tracked |
| talon tc compact (bacnet) | siemens ag | Tracked |
| talon tc modular (bacnet) | siemens ag | Tracked |
| vstar | siemens ag | Tracked |