February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – FormBook Malware – Active IOCs
November 12, 2021Rewterz Threat Advisory – CVE-2021-40444 MSHTML Vulnerability Exploited in Spam Campaign
November 12, 2021Rewterz Threat Alert – FormBook Malware – Active IOCs
November 12, 2021Rewterz Threat Advisory – CVE-2021-40444 MSHTML Vulnerability Exploited in Spam Campaign
November 12, 2021
Severity
High
Analysis Summary
CVE-2021-31344
ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network.
CVE-2021-31345
The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including information leaks, depending on a user-defined application that runs on top of the UDP protocol.
CVE-2021-31346
The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including information leaks and denial-of-service conditions, depending on the network buffer organization in memory.
CVE-2021-31881
When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to denial-of-service conditions.
CVE-2021-31882
The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to denial-of-service conditions.
CVE-2021-31883
When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to denial-of-service conditions.
CVE-2021-31884
The DHCP client application assumes the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to out-of-bound reads, writes, and denial-of-service conditions.
CVE-2021-31885
TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands.
CVE-2021-31886
FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
CVE-2021-31887
FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
CVE-2021-31888
FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.
CVE-2021-31889
Malformed TCP packets with a corrupted SACK option leads to denial-of-service conditions.
CVE-2021-31890
The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including denial-of-service conditions, depending on the network buffer organization in memory.
Impact
- Denial of Service
- Remote Code Execution
Affected Vendors
- Siemens
Affected Products
- APOGEE MBC (PPC) (BACnet): All versions
- APOGEE MBC (PPC) (P2 Ethernet): All versions
- APOGEE MEC (PPC) (BACnet): All versions
- APOGEE MEC (PPC) (P2 Ethernet): All versions
- APOGEE PXC Compact (BACnet): All versions
- APOGEE PXC Compact (P2 Ethernet): All versions
- APOGEE PXC Modular (BACnet): All versions
- APOGEE PXC Modular (P2 Ethernet): All versions
- TALON TC Compact (BACnet): All versions
- TALON TC Modular (BACnet): All versions
Remediation
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.