Description
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). Malformed TCP packets with a corrupted SACK option lead to information leaks and denial-of-service conditions. (FSMD-2021-0015)
This plugin only works with Tenable.ot.
See https://www.yyueer.com/products/tenable-ot for more information.
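Solution
The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.
Siemens recommends the following specific workarounds and mitigations that users can apply to reduce the risk:
Desigo products: Update to v6.3.0.016
APOGEE PXC Compact and APOGEE PXC Modular: Update. Contact a Siemens office for support.
TALON TC Compact (BACnet), TALON TC Modular (BACnet), APOGEE PXC Compact (BACnet), and APOGEE PXC Modular (BACnet):
Update to v3.5.4 or later. Contact a Siemens office for support.
CVE-2021-31881, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP configuration instead.
CVE-2021-31885, CVE-2021-31886, CVE-2021-3187, CVE-2021-31888: Disable the FTP service.
Siemens strongly recommends protecting network access to affected products with appropriate mechanisms and following recommended security practices to run the devices.
For more details, see Siemens Security Advisory SSA-114589.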
Plugin Details
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Vulnerability Information
CPE: cpe:/o:siemens:apogee_modular_building_controller_firmware, cpe:/o:siemens:apogee_modular_equiment_controller_firmware, cpe:/o:siemens:apogee_pxc_compact_firmware, cpe:/o:siemens:apogee_pxc_modular_firmware
Required KB Items: Tenable.ot/Siemens