GHSA-47j6-w2j2-7jxf

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

CVSS3: 5.3

Описание

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)

Ссылки

EPSS

Процентиль: 75%

0.00911

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

CVE-2021-31344

Дефекты

CWE-843

Связанные уязвимости

CVE-2021-31344

CVSS3: 5.3

nvd

около 4 лет назад

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)

EPSS

Процентиль: 75%

0.00911

Низкий

6.9 Medium

CVSS4

5.3 Medium

CVSS3

CVE ID

CVE-2021-31344

Дефекты

CWE-843