Detections
Analytics
Siemens Nucleus RTOS-based APOGEE and TALON Products Access of Resource Using Incompatible Type (CVE-2021-31344)
medium Tenable OT Security Plugin ID 500601
Synopsis
The remote OT asset is affected by a vulnerability.Description
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network.(FSMD-2021-0004)
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.Siemens recommends the following specific workarounds and mitigations users can apply to reduce the risk:
- Desigo products: update to v6.30.016 or later
- APOGEE PXC Compact (P2 Ethernet) and APOGEE PXC Modular (P2 Ethernet): update to v2.8.19 or later. Contact a Siemens office for support.
- TALON TC Compact (BACnet), TALON TC Modular (BACnet), APOGEE PXC Compact (BACnet), and APOGEE PXC Modular (BACnet):
update to v3.5.4 or later. Contact a Siemens office for support.
- CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note the DHCP client is disabled by default on APOGEE/TALON and Desigo products).
- CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note the FTP service is disabled by default on Desigo products).
As a general security measure Siemens strongly recommends protecting network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices to run the devices in a protected IT environment.
For more information see Siemens Security Advisory SSA-114589
See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-21-313-03
https://www.cisa.gov/news-events/ics-advisories/icsa-21-315-07
Plugin Details
Severity: Medium
ID: 500601
Version: 1.12
Type: remote
Family: Tenable.ot
Published: 2/7/2022
Updated: 4/16/2025
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2021-31344
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:siemens:apogee_modular_equiment_controller_firmware, cpe:/o:siemens:desigo_pxc200-e.d_firmware, cpe:/o:siemens:desigo_pxc64-u_firmware, cpe:/o:siemens:desigo_pxc128-u_firmware, cpe:/o:siemens:desigo_pxc22.1-e.d_firmware, cpe:/o:siemens:desigo_pxc36.1-e.d_firmware, cpe:/o:siemens:apogee_pxc_modular_firmware, cpe:/o:siemens:desigo_pxc100-e.d_firmware, cpe:/o:siemens:desigo_pxc001-e.d_firmware, cpe:/o:siemens:desigo_pxc00-e.d_firmware, cpe:/o:siemens:desigo_pxc22-e.d_firmware, cpe:/o:siemens:desigo_pxm20-e_firmware, cpe:/o:siemens:desigo_pxc12-e.d_firmware, cpe:/o:siemens:apogee_modular_building_controller_firmware, cpe:/o:siemens:apogee_pxc_compact_firmware, cpe:/o:siemens:desigo_pxc00-u_firmware, cpe:/o:siemens:desigo_pxc50-e.d_firmware
Required KB Items: Tenable.ot/Siemens
Exploit Ease: No known exploits are available
Patch Publication Date: 11/9/2021
Vulnerability Publication Date: 11/9/2021
Reference Information
CVE: CVE-2021-31344
CWE: 843
ICSA: 21-313-03, 21-315-07