CVE-2021-31887
A vulnerability has been identified in the following products:

  APOGEE MBC (PPC) (BACnet): all versions
  APOGEE MBC (PPC) (P2 Ethernet): all versions
  APOGEE MEC (PPC) (BACnet): all versions
  APOGEE MEC (PPC) (P2 Ethernet): all versions
  APOGEE PXC Compact (BACnet): all versions < V3.5.4
  APOGEE PXC Compact (P2 Ethernet): all versions < V2.8.19
  APOGEE PXC Modular (BACnet): all versions < V3.5.4
  APOGEE PXC Modular (P2 Ethernet): all versions < V2.8.19
  Desigo PXC00-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC00-U: all versions >= V2.3 and < V6.30.016
  Desigo PXC001-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC100-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC12-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC128-U: all versions >= V2.3 and < V6.30.016
  Desigo PXC200-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC22-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC22.1-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC36.1-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC50-E.D: all versions >= V2.3 and < V6.30.016
  Desigo PXC64-U: all versions >= V2.3 and < V6.30.016
  Desigo PXM20-E: all versions >= V2.3 and < V6.30.016
  Nucleus NET: all versions
  Nucleus ReadyStart V3: all versions < V2017.02.4
  Nucleus Source Code: all versions
  TALON TC Compact (BACnet): all versions < V3.5.4
  TALON TC Modular (BACnet): all versions < V3.5.4

The FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)
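The advisory names the bug class (a stack-based buffer overflow, CWE-121, in the handling of an overlong PWD/XPWD command line) but shows no code. The following is an added illustrative example, not Nucleus NET source and not code from any Siemens product: a hypothetical FTP command reader that shows the unchecked stack copy the advisory describes beside a hardened version that bounds the line at the point it is read from the connection and rejects overlong or malformed PWD/XPWD commands before any copy happens. All names (ftp_read_line, ftp_handle_line, ftp_process, FTP_CMD_MAX = 64), the reply strings and the sample inputs are assumptions constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed maximum accepted FTP command line. RFC 959 fixes no hard limit,
 * so the server must pick one and enforce it before any fixed-size copy. */
#define FTP_CMD_MAX 64

/* VULNERABLE pattern (hypothetical, for contrast only; never called here):
 * the received line is copied into a fixed stack buffer with no length
 * check. A client sending "PWD" followed by a few hundred bytes overruns
 * cmd[] and the saved return address behind it (CWE-121). */
void vulnerable_handle_cmd(const char *line, char *reply, size_t rsz) {
    char cmd[FTP_CMD_MAX];
    strcpy(cmd, line);                                  /* no bounds check */
    if (strncmp(cmd, "PWD", 3) == 0 || strncmp(cmd, "XPWD", 4) == 0)
        snprintf(reply, rsz, "257 \"/\"\r\n");
    else
        snprintf(reply, rsz, "500 Syntax error\r\n");
}

/* HARDENED step 1: bound the line where bytes enter. `in`/`in_len` stand in
 * for a socket read. Returns the line length without CRLF, or -1 if no CRLF
 * arrives within out_sz-1 bytes; the caller then discards input up to the
 * next CRLF and answers with an error instead of copying anything. */
int ftp_read_line(const unsigned char *in, size_t in_len, char *out, size_t out_sz) {
    size_t n = 0;
    while (n < in_len) {
        if (n + 1 >= out_sz)                 /* keep room for the NUL */
            return -1;                       /* too long: reject, do not copy */
        out[n++] = (char)in[n];
        if (n >= 2 && out[n - 2] == '\r' && out[n - 1] == '\n') {
            out[n - 2] = '\0';               /* strip CRLF */
            return (int)(n - 2);
        }
    }
    return -1;                               /* no terminator: incomplete */
}

/* Case-insensitive verb compare with an exact length, so "PWDAAAA" is not
 * accepted as a prefix match of "PWD". */
static int verb_is(const char *line, size_t vlen, const char *verb) {
    if (vlen != strlen(verb)) return 0;
    for (size_t i = 0; i < vlen; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 0;
    return 1;
}

/* HARDENED step 2: dispatch on an already-bounded, NUL-terminated line.
 * Returns the FTP reply code written into `reply`. */
int ftp_handle_line(const char *line, const char *cwd, char *reply, size_t rsz) {
    size_t vlen = strcspn(line, " ");
    if (verb_is(line, vlen, "PWD") || verb_is(line, vlen, "XPWD")) {
        if (line[vlen] != '\0') {            /* PWD takes no argument */
            snprintf(reply, rsz, "501 Syntax error in parameters\r\n");
            return 501;
        }
        snprintf(reply, rsz, "257 \"%s\" is current directory\r\n", cwd);
        return 257;
    }
    snprintf(reply, rsz, "500 Syntax error, command unrecognized\r\n");
    return 500;
}

/* Full path: bounded read, then dispatch. Returns the reply code. */
int ftp_process(const unsigned char *in, size_t in_len, const char *cwd,
                char *reply, size_t rsz) {
    char line[FTP_CMD_MAX];
    if (ftp_read_line(in, in_len, line, sizeof line) < 0) {
        snprintf(reply, rsz, "500 Line too long\r\n");
        return 500;
    }
    return ftp_handle_line(line, cwd, reply, rsz);
}

/* Convenience wrapper for C-string inputs (reply discarded). */
int ftp_process_cstr(const char *s, const char *cwd) {
    char reply[128];
    return ftp_process((const unsigned char *)s, strlen(s), cwd, reply, sizeof reply);
}

/* Constructed attacker input: "PWD" padded to 300 bytes, then CRLF. The
 * hardened path stops reading at the bound and never touches the stack copy. */
int demo_overlong_pwd(void) {
    unsigned char big[300];
    char reply[128];
    memset(big, 'A', sizeof big);
    memcpy(big, "PWD", 3);
    big[298] = '\r';
    big[299] = '\n';
    return ftp_process(big, sizeof big, "/", reply, sizeof reply);
}

int main(void) {
    char reply[128];
    ftp_process((const unsigned char *)"PWD\r\n", 5, "/home", reply, sizeof reply);
    fputs(reply, stdout);
    printf("overlong PWD -> %d\n", demo_overlong_pwd());
    return 0;
}
```

The point a practitioner should take from this is where the check lives: the bound is enforced at the read, so no later copy into a FTP_CMD_MAX-byte stack buffer can ever exceed it, and the verb is matched with an exact length rather than a prefix compare. On a fielded controller the same class of input should also be reachable only from the management network, since the advisory describes the overflow as triggerable by an unauthenticated FTP client.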