{
  "document": {
    "title": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products",
    "category": "Siemens Security Advisory",
    "csaf_version": "2.0",
    "publisher": {
      "name": "Siemens ProductCERT",
      "contact_details": "productcert@siemens.com",
      "category": "vendor",
      "namespace": "https://www.siemens.com"
    },
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "tracking": {
      "id": "SSA-114589",
      "status": "interim",
      "version": "4",
      "revision_history": [
        {
          "number": "1",
          "legacy_version": "1.0",
          "date": "2021-11-09T00:00:00Z",
          "summary": "Publication Date"
        },
        {
          "number": "2",
          "legacy_version": "1.1",
          "date": "2021-12-14T00:00:00Z",
          "summary": "Added affected Desigo PXC/PXM products; updated corresponding mitigation measures; informed about planned solutions"
        },
        {
          "number": "3",
          "legacy_version": "1.2",
          "date": "2022-04-12T00:00:00Z",
          "summary": "Added solutions for APOGEE PXC Compact (BACnet), APOGEE PXC Modular (BACnet), TALON TC Compact (BACnet), and TALON TC Modular (BACnet) products"
        },
        {
          "number": "4",
          "legacy_version": "1.3",
          "date": "2022-05-10T00:00:00Z",
          "summary": "Added solutions for APOGEE PXC Compact (P2 Ethernet), APOGEE PXC Modular (P2 Ethernet), Desigo PXC Products, Desigo PXM Products"
        }
      ],
      "initial_release_date": "2021-11-09T00:00:00Z",
      "current_release_date": "2022-05-10T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      }
    },
    "notes": [
      {
        "title": "Summary",
        "category": "summary",
        "text": "Multiple vulnerabilities (also known as \"NUCLEUS:13\") have been identified in the Nucleus RTOS (real-time operating system) and reported in the Siemens Security Advisory SSA-044112: https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf.\n\nThe products listed below use affected versions of the Nucleus software and inherently contain these vulnerabilities.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available."
      },
      {
        "title": "General Recommendations",
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment."
      },
      {
        "title": "Additional Resources",
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories"
      },
      {
        "title": "Terms of Use",
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use."
      }
    ],
    "references": [
      {
        "category": "self",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf",
        "summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - PDF Version"
      },
      {
        "category": "self",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-114589.txt",
        "summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - TXT Version"
      },
      {
        "category": "self",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-114589.json",
        "summary": "SSA-114589: Multiple Vulnerabilities in Nucleus RTOS based APOGEE, TALON and Desigo PXC/PXM Products - CSAF Version"
      }
    ]
  },
  "product_tree": {
    "branches": [
      {
        "name": "Siemens",
        "category": "vendor",
        "branches": [
          {
            "name": "APOGEE MBC (PPC) (BACnet)",
            "category": "product_name",
            "branches": [
              {
                "name": "vers:all/*",
                "category": "product_version_range",
                "product": {
                  "product_id": "1",
                  "name": "APOGEE MBC (PPC) (BACnet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE MBC (PPC) (P2 Ethernet)",
            "category": "product_name",
            "branches": [
              {
                "name": "vers:all/*",
                "category": "product_version_range",
                "product": {
                  "product_id": "2",
                  "name": "APOGEE MBC (PPC) (P2 Ethernet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE MEC (PPC) (BACnet)",
            "category": "product_name",
            "branches": [
              {
                "name": "vers:all/*",
                "category": "product_version_range",
                "product": {
                  "product_id": "3",
                  "name": "APOGEE MEC (PPC) (BACnet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE MEC (PPC) (P2 Ethernet)",
            "category": "product_name",
            "branches": [
              {
                "name": "vers:all/*",
                "category": "product_version_range",
                "product": {
                  "product_id": "4",
                  "name": "APOGEE MEC (PPC) (P2 Ethernet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE PXC Compact (BACnet)",
            "category": "product_name",
            "branches": [
              {
                "name": "< V3.5.4",
                "category": "product_version_range",
                "product": {
                  "product_id": "5",
                  "name": "APOGEE PXC Compact (BACnet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE PXC Compact (P2 Ethernet)",
            "category": "product_name",
            "branches": [
              {
                "name": "< V2.8.19",
                "category": "product_version_range",
                "product": {
                  "product_id": "6",
                  "name": "APOGEE PXC Compact (P2 Ethernet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE PXC Modular (BACnet)",
            "category": "product_name",
            "branches": [
              {
                "name": "< V3.5.4",
                "category": "product_version_range",
                "product": {
                  "product_id": "7",
                  "name": "APOGEE PXC Modular (BACnet)"
                }
              }
            ]
          },
          {
            "name": "APOGEE PXC Modular (P2 Ethernet)",
            "category": "product_name",
            "branches": [
              {
                "name": "< V2.8.19",
                "category": "product_version_range",
                "product": {
                  "product_id": "8",
                  "name": "APOGEE PXC Modular (P2 Ethernet)"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC00-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "9",
                  "name": "Desigo PXC00-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC00-U",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "10",
                  "name": "Desigo PXC00-U"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC001-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "11",
                  "name": "Desigo PXC001-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC12-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "12",
                  "name": "Desigo PXC12-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC22-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "13",
                  "name": "Desigo PXC22-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC22.1-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "14",
                  "name": "Desigo PXC22.1-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC36.1-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "15",
                  "name": "Desigo PXC36.1-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC50-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "16",
                  "name": "Desigo PXC50-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC64-U",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "17",
                  "name": "Desigo PXC64-U"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC100-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "18",
                  "name": "Desigo PXC100-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC128-U",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "19",
                  "name": "Desigo PXC128-U"
                }
              }
            ]
          },
          {
            "name": "Desigo PXC200-E.D",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "20",
                  "name": "Desigo PXC200-E.D"
                }
              }
            ]
          },
          {
            "name": "Desigo PXM20-E",
            "category": "product_name",
            "branches": [
              {
                "name": ">= V2.3 and < V6.30.016",
                "category": "product_version_range",
                "product": {
                  "product_id": "21",
                  "name": "Desigo PXM20-E"
                }
              }
            ]
          },
          {
            "name": "TALON TC Compact (BACnet)",
            "category": "product_name",
            "branches": [
              {
                "name": "< V3.5.4",
                "category": "product_version_range",
                "product": {
                  "product_id": "22",
                  "name": "TALON TC Compact (BACnet)"
                }
              }
            ]
          },
          {
            "name": "TALON TC Modular (BACnet)",
            "category": "product_name",
            "branches": [
              {
                "name": "< V3.5.4",
                "category": "product_version_range",
                "product": {
                  "product_id": "23",
                  "name": "TALON TC Modular (BACnet)"
                }
              }
            ]
          }
        ]
      }
    ]
  },
  "vulnerabilities": [
    {
      "title": "CVE-2021-31344",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)"
        }
      ],
      "cve": "CVE-2021-31344",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type ('Type Confusion')"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31344 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31344.json",
          "summary": "CVE-2021-31344 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31345",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)"
        }
      ],
      "cve": "CVE-2021-31345",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31345 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31345.json",
          "summary": "CVE-2021-31345 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31346",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
        }
      ],
      "cve": "CVE-2021-31346",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31346 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31346.json",
          "summary": "CVE-2021-31346 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31881",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)"
        }
      ],
      "cve": "CVE-2021-31881",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31881 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31881.json",
          "summary": "CVE-2021-31881 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31882",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)"
        }
      ],
      "cve": "CVE-2021-31882",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31882 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31882.json",
          "summary": "CVE-2021-31882 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31883",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)"
        }
      ],
      "cve": "CVE-2021-31883",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31883 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31883.json",
          "summary": "CVE-2021-31883 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31884",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)"
        }
      ],
      "cve": "CVE-2021-31884",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31884 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31884.json",
          "summary": "CVE-2021-31884 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31885",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)"
        }
      ],
      "cve": "CVE-2021-31885",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31885 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31885.json",
          "summary": "CVE-2021-31885 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31886",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)"
        }
      ],
      "cve": "CVE-2021-31886",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31886 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31886.json",
          "summary": "CVE-2021-31886 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31887",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)"
        }
      ],
      "cve": "CVE-2021-31887",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31887 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31887.json",
          "summary": "CVE-2021-31887 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31888",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)"
        }
      ],
      "cve": "CVE-2021-31888",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31888 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31888.json",
          "summary": "CVE-2021-31888 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31889",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)"
        }
      ],
      "cve": "CVE-2021-31889",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31889 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31889.json",
          "summary": "CVE-2021-31889 Mitre 5.0 json"
        }
      ]
    },
    {
      "title": "CVE-2021-31890",
      "notes": [
        {
          "title": "Summary",
          "category": "summary",
          "text": "The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)"
        }
      ],
      "cve": "CVE-2021-31890",
      "cwe": {
        "id": "CWE-240",
        "name": "Improper Handling of Inconsistent Structural Elements"
      },
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "version": "3.1",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ]
        }
      ],
      "remediations": [
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ],
          "category": "no_fix_planned",
          "details": "Currently no fix is planned"
        },
        {
          "product_ids": [
            "5",
            "7",
            "22",
            "23"
          ],
          "category": "vendor_fix",
          "details": "Update to V3.5.4 or later version"
        },
        {
          "product_ids": [
            "6",
            "8"
          ],
          "category": "vendor_fix",
          "details": "Update to V2.8.19 or later version"
        },
        {
          "product_ids": [
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21"
          ],
          "category": "vendor_fix",
          "details": "Update to V6.30.016 or later version",
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31881, CVE-2021-31882, CVE-2021-31883, CVE-2021-31884: Disable the DHCP client and use static IP address configuration instead (Note that the DHCP client is disabled by default on APOGEE/TALON and Desigo products.)"
        },
        {
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23"
          ],
          "category": "mitigation",
          "details": "CVE-2021-31885, CVE-2021-31886, CVE-2021-31887, CVE-2021-31888: Disable the FTP service (Note that the FTP service is disabled by default on Desigo products.)"
        }
      ],
      "references": [
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC00-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC00-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC001-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC12-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC22-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC22.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC36.1-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC50-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC64-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC100-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC128-U"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXC200-E.D"
        },
        {
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109810577",
          "summary": "CVE-2021-31890 - Desigo PXM20-E"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2021-31890.json",
          "summary": "CVE-2021-31890 Mitre 5.0 json"
        }
      ]
    }
  ]
}

