Security Advisory

CVE-2021-31889

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-09 11:32:01
Last updated 2025-03-11 09:47:45
Assigner siemens
State PUBLISHED

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)