// For flags

CVE-2022-38371

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones), Nucleus ReadyStart versión V3 (Todas las versiones), Nucleus Source Code (Versiones que incluyen el servidor FTP afectado). El servidor FTP no libera apropiadamente los recursos de memoria reservados para los intentos de conexión incompletos de los clientes FTP. Esto podría permitir a un atacante remoto generar una condición de denegación de servicio en dispositivos que incorporen una versión vulnerable del servidor FTP

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2022-08-16 CVE Reserved
  • 2022-10-11 CVE Published
  • 2024-06-01 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Apogee Modular Building Controller Firmware
Search vendor "Siemens" for product "Apogee Modular Building Controller Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
Apogee Modular Building Controller
Search vendor "Siemens" for product "Apogee Modular Building Controller"
--
Safe
Siemens
Search vendor "Siemens"
Apogee Modular Equiment Controller Firmware
Search vendor "Siemens" for product "Apogee Modular Equiment Controller Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
Apogee Modular Equiment Controller
Search vendor "Siemens" for product "Apogee Modular Equiment Controller"
--
Safe
Siemens
Search vendor "Siemens"
Apogee Pxc Compact Firmware
Search vendor "Siemens" for product "Apogee Pxc Compact Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
Apogee Pxc Compact
Search vendor "Siemens" for product "Apogee Pxc Compact"
--
Safe
Siemens
Search vendor "Siemens"
Apogee Pxc Modular Firmware
Search vendor "Siemens" for product "Apogee Pxc Modular Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
Apogee Pxc Modular
Search vendor "Siemens" for product "Apogee Pxc Modular"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc00-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc00-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc00-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc00-e.d
Search vendor "Siemens" for product "Desigo Pxc00-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc00-u Firmware
Search vendor "Siemens" for product "Desigo Pxc00-u Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc00-u Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc00-u
Search vendor "Siemens" for product "Desigo Pxc00-u"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc001-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc001-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc001-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc001-e.d
Search vendor "Siemens" for product "Desigo Pxc001-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc12-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc12-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc12-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc12-e.d
Search vendor "Siemens" for product "Desigo Pxc12-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc22-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc22-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc22-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc22-e.d
Search vendor "Siemens" for product "Desigo Pxc22-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc22.1-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc22.1-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc22.1-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc22.1-e.d
Search vendor "Siemens" for product "Desigo Pxc22.1-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc36.1-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc36.1-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc36.1-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc36.1-e.d
Search vendor "Siemens" for product "Desigo Pxc36.1-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc50-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc50-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc50-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc50-e.d
Search vendor "Siemens" for product "Desigo Pxc50-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc64-u Firmware
Search vendor "Siemens" for product "Desigo Pxc64-u Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc64-u Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc64-u
Search vendor "Siemens" for product "Desigo Pxc64-u"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc100-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc100-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc100-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc100-e.d
Search vendor "Siemens" for product "Desigo Pxc100-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc128-u Firmware
Search vendor "Siemens" for product "Desigo Pxc128-u Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc128-u Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc128-u
Search vendor "Siemens" for product "Desigo Pxc128-u"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxc200-e.d Firmware
Search vendor "Siemens" for product "Desigo Pxc200-e.d Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxc200-e.d Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxc200-e.d
Search vendor "Siemens" for product "Desigo Pxc200-e.d"
--
Safe
Siemens
Search vendor "Siemens"
Desigo Pxm20-e Firmware
Search vendor "Siemens" for product "Desigo Pxm20-e Firmware"
<= 2.3
Search vendor "Siemens" for product "Desigo Pxm20-e Firmware" and version " <= 2.3"
-
Affected
in Siemens
Search vendor "Siemens"
Desigo Pxm20-e
Search vendor "Siemens" for product "Desigo Pxm20-e"
--
Safe
Siemens
Search vendor "Siemens"
Talon Tc Compact Firmware
Search vendor "Siemens" for product "Talon Tc Compact Firmware"
*-
Affected
in Siemens
Search vendor "Siemens"
Talon Tc Compact
Search vendor "Siemens" for product "Talon Tc Compact"
--
Safe
Siemens
Search vendor "Siemens"
Nucleus Net
Search vendor "Siemens" for product "Nucleus Net"
*-
Affected
Siemens
Search vendor "Siemens"
Nucleus Readystart V3
Search vendor "Siemens" for product "Nucleus Readystart V3"
*-
Affected
Siemens
Search vendor "Siemens"
Nucleus Source Code
Search vendor "Siemens" for product "Nucleus Source Code"
--
Affected