Improper Handling of Inconsistent Structural Elements

CVE-2021-31890

High

7.5/10

Summary

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-240 - Improper Handling of Inconsistent Structural Elements

The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.

References

Advisory Timeline

Published Nov 09, 2021

Improper Handling of Inconsistent Structural Elements

CVE-2021-31890

Summary

CWE-240 - Improper Handling of Inconsistent Structural Elements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS