Information Leak and Denial of Service in Capital Embedded AR and SIMOTICS Products

CVE-2021-31889

What is CVE-2021-31889?

A vulnerability affecting Siemens products has been identified, specifically in Capital Embedded AR Classic and SIMOTICS CONNECT 400 series. Attackers can exploit malformed TCP packets containing a corrupted SACK option, potentially leading to information leaks and denial-of-service conditions. This issue affects all versions of Capital Embedded AR Classic 431-422, as well as specific versions of Capital Embedded AR Classic R20-11, PLUSCONTROL 1st Gen, and SIMOTICS CONNECT 400. Users are advised to take proper defensive measures to mitigate associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References