
Rewterz Threat Advisory – ICS: Siemens Nucleus RTOS-based APOGEE and TALON Products

November 12, 2021

Severity

High

Analysis Summary

CVE-2021-31344

ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network.

CVE-2021-31345

The total length of a UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including information leaks, depending on the user-defined application that runs on top of the UDP protocol.

CVE-2021-31346

The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including information leaks and denial-of-service conditions, depending on the network buffer organization in memory.

CVE-2021-31881

When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to denial-of-service conditions.

CVE-2021-31882

The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to denial-of-service conditions.

CVE-2021-31883

When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to denial-of-service conditions.

CVE-2021-31884

The DHCP client application assumes the data supplied with the “Hostname” DHCP option is NULL-terminated. In cases where the global hostname variable is not defined, this may lead to out-of-bounds reads, writes, and denial-of-service conditions.
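The four DHCP findings above share one root cause: option lengths taken from the packet are trusted, and the Hostname body is assumed to carry a terminator. The following bounds-checked option walker is an added example written for this advisory, not Siemens or Nucleus code; the option codes are the standard RFC 2132 values, the samples are constructed, and the `HOSTNAME_MAX` size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHCP_OPT_PAD      0
#define DHCP_OPT_DNS      6
#define DHCP_OPT_HOSTNAME 12
#define DHCP_OPT_VENDOR   43
#define DHCP_OPT_END      255
#define HOSTNAME_MAX      64   /* assumed client-side buffer size */

char g_host[HOSTNAME_MAX];     /* destination for the Hostname option */

/* Walks the options field of a DHCP OFFER/ACK with every option length
 * checked against the bytes actually received, and copies the Hostname
 * option with an explicit NUL terminator (the option body carries none).
 * Returns 1 if a hostname was found, 0 if not, -1 if the field is malformed. */
int dhcp_parse_options(const uint8_t *opts, size_t len, char *host, size_t host_cap)
{
    size_t i = 0;
    int found = 0;
    if (host_cap == 0) return -1;
    host[0] = '\0';
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == DHCP_OPT_PAD) continue;          /* single-byte option, no length */
        if (code == DHCP_OPT_END) return found;      /* RFC 2132: END closes the field */
        if (i >= len) return -1;                     /* code byte with no length byte */
        uint8_t olen = opts[i++];
        if (olen > len - i) return -1;               /* declared length exceeds packet */
        const uint8_t *body = opts + i;
        if (code == DHCP_OPT_DNS && (olen == 0 || olen % 4 != 0))
            return -1;                               /* DNS option must hold whole IPv4s */
        if (code == DHCP_OPT_HOSTNAME) {
            size_t n = olen < host_cap - 1 ? olen : host_cap - 1;  /* truncate, never overrun */
            memcpy(host, body, n);
            host[n] = '\0';
            found = 1;
        }
        i += olen;   /* Vendor (43) and unknown options are skipped by their validated length */
    }
    return -1;       /* ran off the end without END: treat as malformed */
}

/* Constructed sample: Hostname "plc-01", one DNS server 10.0.0.53, then END. */
static const uint8_t opts_ok[] = { 12,6,'p','l','c','-','0','1', 6,4,10,0,0,53, 255 };
/* Constructed malformed sample: Vendor option declares 200 bytes, only 2 follow. */
static const uint8_t opts_bad[] = { 43,200,0x01,0x02 };
```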

CVE-2021-31885

The TFTP server application allows the contents of the TFTP memory buffer to be read by sending malformed TFTP commands.

CVE-2021-31886

The FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.

CVE-2021-31887

The FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.

CVE-2021-31888

The FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in denial-of-service conditions and remote code execution.

CVE-2021-31889

Malformed TCP packets with a corrupted SACK option lead to denial-of-service conditions.

CVE-2021-31890

The total length of a TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including denial-of-service conditions, depending on the network buffer organization in memory.
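CVE-2021-31345, CVE-2021-31346 and CVE-2021-31890 all describe the same missing check: the length a header claims is never reconciled with the bytes that actually arrived. The function below is an added example of that reconciliation for IPv4 over UDP, TCP and ICMP; it is not Nucleus code, follows the RFC 791/768/793 header layouts, and the two frames are constructed for the test.

```c
#include <stddef.h>
#include <stdint.h>

#define IP_PROTO_ICMP 1
#define IP_PROTO_TCP  6
#define IP_PROTO_UDP  17

/* Returns the layer-4 payload length for a received IPv4 frame, or -1 when
 * a length field claims bytes that were never received (the missing check
 * behind CVE-2021-31345, -31346 and -31890). Only the lengths are
 * validated here; checksums and fragmentation are out of scope. */
long ip_payload_len(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 20 || (frame[0] >> 4) != 4) return -1;
    size_t ihl   = (frame[0] & 0x0F) * 4u;
    size_t total = ((size_t)frame[2] << 8) | frame[3];
    if (ihl < 20 || total < ihl) return -1;   /* header longer than the whole datagram */
    if (total > frame_len) return -1;         /* IP total length exceeds bytes on the wire */
    size_t payload = total - ihl;             /* bytes after the IP header, bounded by frame */
    const uint8_t *l4 = frame + ihl;
    switch (frame[9]) {
    case IP_PROTO_UDP: {
        if (payload < 8) return -1;
        size_t udp_len = ((size_t)l4[4] << 8) | l4[5];
        if (udp_len < 8 || udp_len > payload) return -1;   /* UDP length vs IP payload */
        return (long)(udp_len - 8);
    }
    case IP_PROTO_TCP: {
        if (payload < 20) return -1;
        size_t doff = (l4[12] >> 4) * 4u;
        if (doff < 20 || doff > payload) return -1;        /* TCP options would overrun */
        return (long)(payload - doff);
    }
    case IP_PROTO_ICMP:
        return payload < 8 ? -1 : (long)(payload - 8);
    default:
        return (long)payload;
    }
}

/* Constructed 32-byte frame: IPv4 (total 32) + UDP (length 12) + 4 payload bytes. */
static const uint8_t udp_ok[32] = {
    0x45,0,0,32, 0,0,0,0, 64,IP_PROTO_UDP,0,0, 10,0,0,1, 10,0,0,2,
    0,68,0,67, 0,12,0,0, 1,2,3,4 };
/* Same frame, but the IP header claims 1500 bytes: must be rejected. */
static const uint8_t udp_bad[32] = {
    0x45,0,0x05,0xDC, 0,0,0,0, 64,IP_PROTO_UDP,0,0, 10,0,0,1, 10,0,0,2,
    0,68,0,67, 0,12,0,0, 1,2,3,4 };
```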

Impact

  • Denial of Service
  • Remote Code Execution

Affected Vendors

  • Siemens

Affected Products

  • APOGEE MBC (PPC) (BACnet): All versions
  • APOGEE MBC (PPC) (P2 Ethernet): All versions
  • APOGEE MEC (PPC) (BACnet): All versions
  • APOGEE MEC (PPC) (P2 Ethernet): All versions
  • APOGEE PXC Compact (BACnet): All versions
  • APOGEE PXC Compact (P2 Ethernet): All versions
  • APOGEE PXC Modular (BACnet): All versions
  • APOGEE PXC Modular (P2 Ethernet): All versions
  • TALON TC Compact (BACnet): All versions
  • TALON TC Modular (BACnet): All versions

Remediation

Refer to the CISA advisory for patch, upgrade, or suggested workaround information.

https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07
