CVE-2021-41545 - OpenCVE

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a “out of work” state and could result in the controller going into a “factory reset” state.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Siemens	Desigo Pxc5 Firmware Desigo Pxc3 Desigo Dxr2 Firmware Desigo Pxc3 Firmware Desigo Dxr2 Desigo Pxc5 Desigo Pxc4 Firmware Desigo Pxc4

Configuration 1 [-]

AND

cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2022-05-10T09:46:45

Updated: 2022-05-10T09:46:45

Reserved: 2021-09-21T00:00:00

Link: CVE-2021-41545

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-10T11:15:07.840

Modified: 2022-05-19T17:09:19.667

Link: CVE-2021-41545

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Desigo DXR2", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V01.21.142.5-22"}]}, {"product": "Desigo PXC3", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V01.21.142.4-18"}]}, {"product": "Desigo PXC4", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V02.20.142.10-10884"}]}, {"product": "Desigo PXC5", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V02.20.142.10-10884"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a \u201cout of work\u201d state and could result in the controller going into a \u201cfactory reset\u201d state."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-10T09:46:45", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-41545", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Desigo DXR2", "version": {"version_data": [{"version_value": "All versions < V01.21.142.5-22"}]}}, {"product_name": "Desigo PXC3", "version": {"version_data": [{"version_value": "All versions < V01.21.142.4-18"}]}}, {"product_name": "Desigo PXC4", "version": {"version_data": [{"version_value": "All versions < V02.20.142.10-10884"}]}}, {"product_name": "Desigo PXC5", "version": {"version_data": [{"version_value": "All versions < V02.20.142.10-10884"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a \u201cout of work\u201d state and could result in the controller going into a \u201cfactory reset\u201d state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-248: Uncaught Exception"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-41545", "datePublished": "2022-05-10T09:46:45", "dateReserved": "2021-09-21T00:00:00", "dateUpdated": "2022-05-10T09:46:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_dxr2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B50EDDC-4B68-416E-B8BE-58399A90FE44", "versionEndExcluding": "01.21.142.5-22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_dxr2:-:*:*:*:*:*:*:*", "matchCriteriaId": "21EDDCD7-3B64-410E-A294-0F5F65849F4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7ABEE98-3FF4-4E7C-B1CD-0E5E56E437FF", "versionEndExcluding": "01.21.142.4-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc3:-:*:*:*:*:*:*:*", "matchCriteriaId": "373009ED-3AE4-4F0B-940D-8E82668C3FF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "84D6AF5F-AD6D-4A30-9D72-31A3BA2A5DC3", "versionEndExcluding": "02.20.142.10-10884", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc4:-:*:*:*:*:*:*:*", "matchCriteriaId": "0327220F-B5E6-4722-AEB2-BC4C21F1060D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:desigo_pxc5_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B710014-DE57-43C2-9BFE-A4F8AF6542D5", "versionEndExcluding": "02.20.142.10-10884", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:desigo_pxc5:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4E2A7F6-B6E5-4230-8F13-64745C434A71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into a \u201cout of work\u201d state and could result in the controller going into a \u201cfactory reset\u201d state."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Desigo DXR2 (Todas las versiones anteriores a V01.21.142.5-22), Desigo PXC3 (Todas las versiones anteriores a V01.21.142.4-18), Desigo PXC4 (Todas las versiones anteriores a V02.20.142.10-10884), Desigo PXC5 (Todas las versiones anteriores a V02.20.142.10-10884). Cuando el controlador recibe un paquete de protocolo BACnet espec\u00edfico, una excepci\u00f3n causa que la funci\u00f3n de comunicaci\u00f3n BACnet pase a un estado \"out of work\" y podr\u00eda resultar que el controlador pase a un estado \"factory reset\""}], "id": "CVE-2021-41545", "lastModified": "2022-05-19T17:09:19.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-10T11:15:07.840", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-662649.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-248"}], "source": "productcert@siemens.com", "type": "Secondary"}]}