Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-27393 (GCVE-0-2021-27393)
Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:48
VLAI?
EPSS
Summary
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
Severity ?
No CVSS data available.
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Nucleus NET |
Affected:
All versions
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:16.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nucleus NET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Nucleus ReadyStart V3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2013.08"
}
]
},
{
"product": "Nucleus Source Code",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "Versions including affected DNS modules"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-11T11:27:04.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart V3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2013.08"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "Versions including affected DNS modules"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-27393",
"datePublished": "2021-04-22T20:42:21.000Z",
"dateReserved": "2021-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:16.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CNVD-2021-28698
Vulnerability from cnvd - Published: 2021-04-15
VLAI Severity ?
Title
Siemens Nucleus产品DNS模块可预测UDP端口号漏洞
Description
Nucleus NET模块包含了一系列符合标准的网络和通信协议、驱动程序和实用程序,以在任何嵌入式设备中提供全功能的网络支持。Nucleus RTOS提供了一个高度可扩展的基于微内核的实时操作系统,该系统设计用于航天、工业和医疗应用范围内的系统的可扩展性和可靠性。VSTAR是一个完整的基于AUTOSAR 4的ECU解决方案,为及时部署产品提供工具和嵌入式软件。Nucleus ReadyStart是一个具有集成软件IP、工具和服务的平台。
Siemens Nucleus产品DNS模块存在安全漏洞。该漏洞是由于DNS客户端未正确随机化UDP端口数的DNS请求。攻击者可利用漏洞导致DNS缓存中毒或欺骗DNS解析。
Severity
中
Patch Name
Siemens Nucleus产品DNS模块可预测UDP端口号漏洞的补丁
Patch Description
Nucleus NET模块包含了一系列符合标准的网络和通信协议、驱动程序和实用程序,以在任何嵌入式设备中提供全功能的网络支持。Nucleus RTOS提供了一个高度可扩展的基于微内核的实时操作系统,该系统设计用于航天、工业和医疗应用范围内的系统的可扩展性和可靠性。VSTAR是一个完整的基于AUTOSAR 4的ECU解决方案,为及时部署产品提供工具和嵌入式软件。Nucleus ReadyStart是一个具有集成软件IP、工具和服务的平台。
Siemens Nucleus产品DNS模块存在安全漏洞。该漏洞是由于DNS客户端未正确随机化UDP端口数的DNS请求。攻击者可利用漏洞导致DNS缓存中毒或欺骗DNS解析。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf
Impacted products
| Name | ['Siemens Nucleus NET', 'Siemens Nucleus RTOS', 'Siemens Nucleus Source Code', 'Siemens VSTAR', 'Siemens Nucleus ReadyStart < V2013.08'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-27393"
}
},
"description": "Nucleus NET\u6a21\u5757\u5305\u542b\u4e86\u4e00\u7cfb\u5217\u7b26\u5408\u6807\u51c6\u7684\u7f51\u7edc\u548c\u901a\u4fe1\u534f\u8bae\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4ee5\u5728\u4efb\u4f55\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u63d0\u4f9b\u5168\u529f\u80fd\u7684\u7f51\u7edc\u652f\u6301\u3002Nucleus RTOS\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9ad8\u5ea6\u53ef\u6269\u5c55\u7684\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5b9e\u65f6\u64cd\u4f5c\u7cfb\u7edf\uff0c\u8be5\u7cfb\u7edf\u8bbe\u8ba1\u7528\u4e8e\u822a\u5929\u3001\u5de5\u4e1a\u548c\u533b\u7597\u5e94\u7528\u8303\u56f4\u5185\u7684\u7cfb\u7edf\u7684\u53ef\u6269\u5c55\u6027\u548c\u53ef\u9760\u6027\u3002VSTAR\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u57fa\u4e8eAUTOSAR 4\u7684ECU\u89e3\u51b3\u65b9\u6848\uff0c\u4e3a\u53ca\u65f6\u90e8\u7f72\u4ea7\u54c1\u63d0\u4f9b\u5de5\u5177\u548c\u5d4c\u5165\u5f0f\u8f6f\u4ef6\u3002Nucleus ReadyStart\u662f\u4e00\u4e2a\u5177\u6709\u96c6\u6210\u8f6f\u4ef6IP\u3001\u5de5\u5177\u548c\u670d\u52a1\u7684\u5e73\u53f0\u3002\n\nSiemens Nucleus\u4ea7\u54c1DNS\u6a21\u5757\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDNS\u5ba2\u6237\u7aef\u672a\u6b63\u786e\u968f\u673a\u5316UDP\u7aef\u53e3\u6570\u7684DNS\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4DNS\u7f13\u5b58\u4e2d\u6bd2\u6216\u6b3a\u9a97DNS\u89e3\u6790\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-28698",
"openTime": "2021-04-15",
"patchDescription": "Nucleus NET\u6a21\u5757\u5305\u542b\u4e86\u4e00\u7cfb\u5217\u7b26\u5408\u6807\u51c6\u7684\u7f51\u7edc\u548c\u901a\u4fe1\u534f\u8bae\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u5b9e\u7528\u7a0b\u5e8f\uff0c\u4ee5\u5728\u4efb\u4f55\u5d4c\u5165\u5f0f\u8bbe\u5907\u4e2d\u63d0\u4f9b\u5168\u529f\u80fd\u7684\u7f51\u7edc\u652f\u6301\u3002Nucleus RTOS\u63d0\u4f9b\u4e86\u4e00\u4e2a\u9ad8\u5ea6\u53ef\u6269\u5c55\u7684\u57fa\u4e8e\u5fae\u5185\u6838\u7684\u5b9e\u65f6\u64cd\u4f5c\u7cfb\u7edf\uff0c\u8be5\u7cfb\u7edf\u8bbe\u8ba1\u7528\u4e8e\u822a\u5929\u3001\u5de5\u4e1a\u548c\u533b\u7597\u5e94\u7528\u8303\u56f4\u5185\u7684\u7cfb\u7edf\u7684\u53ef\u6269\u5c55\u6027\u548c\u53ef\u9760\u6027\u3002VSTAR\u662f\u4e00\u4e2a\u5b8c\u6574\u7684\u57fa\u4e8eAUTOSAR 4\u7684ECU\u89e3\u51b3\u65b9\u6848\uff0c\u4e3a\u53ca\u65f6\u90e8\u7f72\u4ea7\u54c1\u63d0\u4f9b\u5de5\u5177\u548c\u5d4c\u5165\u5f0f\u8f6f\u4ef6\u3002Nucleus ReadyStart\u662f\u4e00\u4e2a\u5177\u6709\u96c6\u6210\u8f6f\u4ef6IP\u3001\u5de5\u5177\u548c\u670d\u52a1\u7684\u5e73\u53f0\u3002\r\n\r\nSiemens Nucleus\u4ea7\u54c1DNS\u6a21\u5757\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDNS\u5ba2\u6237\u7aef\u672a\u6b63\u786e\u968f\u673a\u5316UDP\u7aef\u53e3\u6570\u7684DNS\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4DNS\u7f13\u5b58\u4e2d\u6bd2\u6216\u6b3a\u9a97DNS\u89e3\u6790\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Nucleus\u4ea7\u54c1DNS\u6a21\u5757\u53ef\u9884\u6d4bUDP\u7aef\u53e3\u53f7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Nucleus NET",
"Siemens Nucleus RTOS",
"Siemens Nucleus Source Code",
"Siemens VSTAR",
"Siemens Nucleus ReadyStart \u003c V2013.08"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf",
"serverity": "\u4e2d",
"submitTime": "2021-04-13",
"title": "Siemens Nucleus\u4ea7\u54c1DNS\u6a21\u5757\u53ef\u9884\u6d4bUDP\u7aef\u53e3\u53f7\u6f0f\u6d1e"
}
CERTFR-2021-AVI-255
Vulnerability from certfr_avis - Published: 2021-04-14 - Updated: 2021-04-14
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | LOGO! Soft Comfort toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R2 | ||
| Siemens | N/A | Solid Edge SE2021 versions antérieures à SE2021MP4 | ||
| Siemens | N/A | SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.2.9 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R3 | ||
| Siemens | N/A | Nucleus NET versions antérieures à 5.2 | ||
| Siemens | N/A | TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions antérieures à V2.6.0 | ||
| Siemens | N/A | SiNVR/SiVMS Video Server toutes versions | ||
| Siemens | N/A | Nucleus RTOS versions contenant le module DNS affecté | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions antérieures à V3.0.44 | ||
| Siemens | N/A | Solid Edge SE2020 toutes versions | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions antérieures à V3.1.1 | ||
| Siemens | N/A | SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions | ||
| Siemens | N/A | Opcenter Quality versions antérieures à 12.2 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2019 R1 | ||
| Siemens | N/A | SIMATIC NET CP 443-5 Extended toutes versions | ||
| Siemens | N/A | VSTAR versions contenant le module DNS affecté | ||
| Siemens | N/A | Control Center Server (CCS) toutes versions | ||
| Siemens | N/A | TIM 4R-IE (incl. SIPLUS NET variants) toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R1 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à 3.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R2 | ||
| Siemens | N/A | SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.1.1 | ||
| Siemens | N/A | SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions antérieures à V3.2.9 | ||
| Siemens | N/A | SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2018 R2 | ||
| Siemens | N/A | Nucleus ReadyStart toutes versions | ||
| Siemens | N/A | Nucleus 4 versions antérieures à 4.1.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2018 R3 | ||
| Siemens | N/A | QMS Automotive versions antérieures à 12.30 | ||
| Siemens | N/A | Tecnomatix RobotExpert versions antérieures à 16.1 | ||
| Siemens | N/A | TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions antérieures à V3.1.0 | ||
| Siemens | N/A | Siveillance Video Open Network Bridge:2020 R3 | ||
| Siemens | N/A | Nucleus Source Code versions contenant le module DNS affecté | ||
| Siemens | N/A | TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions | ||
| Siemens | N/A | SIMOTICS CONNECT 400 toutes verions |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "LOGO! Soft Comfort toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus NET versions ant\u00e9rieures \u00e0 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 V2.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiNVR/SiVMS Video Server toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus RTOS versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.0.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2020 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Opcenter Quality versions ant\u00e9rieures \u00e0 12.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2019 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-5 Extended toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "VSTAR versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Control Center Server (CCS) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE (incl. SIPLUS NET variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2018 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus 4 versions ant\u00e9rieures \u00e0 4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2018 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "QMS Automotive versions ant\u00e9rieures \u00e0 12.30",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix RobotExpert versions ant\u00e9rieures \u00e0 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video Open Network Bridge:2020 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code versions contenant le module DNS affect\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTICS CONNECT 400 toutes verions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
},
{
"name": "CVE-2015-7855",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7855"
},
{
"name": "CVE-2019-18339",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18339"
},
{
"name": "CVE-2016-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
},
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2016-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
},
{
"name": "CVE-2021-27389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27389"
},
{
"name": "CVE-2021-27382",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27382"
},
{
"name": "CVE-2020-27736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
},
{
"name": "CVE-2021-27380",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27380"
},
{
"name": "CVE-2015-5219",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5219"
},
{
"name": "CVE-2016-1550",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2021-27392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27392"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2021-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
},
{
"name": "CVE-2020-15795",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2016-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
},
{
"name": "CVE-2021-25664",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
},
{
"name": "CVE-2020-25243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25243"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-8214",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8214"
},
{
"name": "CVE-2019-19299",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19299"
},
{
"name": "CVE-2020-28385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28385"
},
{
"name": "CVE-2021-25678",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25678"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2021-27393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
},
{
"name": "CVE-2020-25244",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25244"
},
{
"name": "CVE-2019-18340",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18340"
},
{
"name": "CVE-2021-25670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25670"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-7871",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7871"
},
{
"name": "CVE-2020-27738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
},
{
"name": "CVE-2019-19298",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19298"
},
{
"name": "CVE-2020-26997",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26997"
},
{
"name": "CVE-2019-19291",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19291"
},
{
"name": "CVE-2020-27737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
},
{
"name": "CVE-2019-19297",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19297"
},
{
"name": "CVE-2016-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
},
{
"name": "CVE-2021-25677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
},
{
"name": "CVE-2019-19296",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19296"
}
],
"initial_release_date": "2021-04-14T00:00:00",
"last_revision_date": "2021-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-255",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-788287 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-853866 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-983300 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-163226 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-497656 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761617 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-669158 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-574442 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-292794 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-761844 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]
}
CERTFR-2021-AVI-854
Vulnerability from certfr_avis - Published: 2021-11-09 - Updated: 2021-11-09
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Capital VSTAR versions incluant les modules DNS | ||
| Siemens | N/A | Nucleus Source Code toutes versions | ||
| Siemens | N/A | Mendix Applications using Mendix 9 toutes versions antérieures à V9.6.2 | ||
| Siemens | N/A | Nucleus NET toutes versions | ||
| Siemens | N/A | SIMATIC WinCC V15 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC V17 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC OA V3.18 toutes versions | ||
| Siemens | N/A | NX 1980 Series toutes versions antérieures à V1984 | ||
| Siemens | N/A | APOGEE MEC (PPC) (BACnet) toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC V7.5 toutes versions antérieures à V7.5 SP2 Update 5 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.17 toutes versions | ||
| Siemens | N/A | Climatix POL909 (AWM module) toutes versions antérieures à V11.34 | ||
| Siemens | N/A | SCALANCE W1750D toutes versions antérieures à V8.7.1.3 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 toutes versions | ||
| Siemens | N/A | Siveillance Video DLNA Server 2021 R1 | ||
| Siemens | N/A | SIMATIC PCS 7 V9.1 toutes versions | ||
| Siemens | N/A | Mendix Applications using Mendix 7 toutes versions antérieures à V7.23.26 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) toutes versions | ||
| Siemens | N/A | Nucleus Source Code versions incluant les modules DNS | ||
| Siemens | N/A | SIMATIC WinCC V16 toutes versions | ||
| Siemens | N/A | SIMATIC Information Server toutes versions >= V2019 SP1 | ||
| Siemens | N/A | SICAM 230 toutes versions | ||
| Siemens | N/A | Nucleus ReadyStart V4 toutes versions antérieures à V4.1.1 | ||
| Siemens | N/A | Mendix Applications using Mendix 8 toutes versions antérieures à V8.18.13 | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | Nucleus ReadyStart V3 toutes versions antérieures à V2017.02.4 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager toutes versions antérieures à V2.12 | ||
| Siemens | N/A | Siveillance Video DLNA Server 2020 R1, 2020 R2, 2020 R3 | ||
| Siemens | N/A | Capital VSTAR toutes versions | ||
| Siemens | N/A | Siveillance Video DLNA Server 2019 R1, 2019 R2, 2019 R3 | ||
| Siemens | N/A | Nucleus ReadyStart V3 toutes versions antérieures à V2013.08 | ||
| Siemens | N/A | APOGEE MEC (PPC) (P2 Ethernet) toutes versions | ||
| Siemens | N/A | PSS(R)ODMS V12 toutes versions antérieures à V12.2.6.1 | ||
| Siemens | N/A | Nucleus ReadyStart V3 toutes versions antérieures à V2012.12 | ||
| Siemens | N/A | SENTRON powermanager V3 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) toutes versions | ||
| Siemens | N/A | TALON TC Compact (BACnet) toutes versions | ||
| Siemens | N/A | NX 1980 Series toutes versions antérieures à V1988 | ||
| Siemens | N/A | PSS(R)E V34 toutes versions antérieures à V34.9.1 | ||
| Siemens | N/A | APOGEE MBC (PPC) (P2 Ethernet) toutes versions | ||
| Siemens | N/A | NX 1953 Series toutes versions antérieures à V1973.3700 | ||
| Siemens | N/A | APOGEE MBC (PPC) (BACnet) toutes versions | ||
| Siemens | N/A | PSS(R)E V35 toutes versions antérieures à V35.3.2 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Capital VSTAR versions incluant les modules DNS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Applications using Mendix 9 toutes versions ant\u00e9rieures \u00e0 V9.6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus NET toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.18 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1980 Series toutes versions ant\u00e9rieures \u00e0 V1984",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 toutes versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Climatix POL909 (AWM module) toutes versions ant\u00e9rieures \u00e0 V11.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1750D toutes versions ant\u00e9rieures \u00e0 V8.7.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video DLNA Server 2021 R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Applications using Mendix 7 toutes versions ant\u00e9rieures \u00e0 V7.23.26",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus Source Code versions incluant les modules DNS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Information Server toutes versions \u003e= V2019 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM 230 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V4 toutes versions ant\u00e9rieures \u00e0 V4.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Applications using Mendix 8 toutes versions ant\u00e9rieures \u00e0 V8.18.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V3 toutes versions ant\u00e9rieures \u00e0 V2017.02.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager toutes versions ant\u00e9rieures \u00e0 V2.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video DLNA Server 2020 R1, 2020 R2, 2020 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Capital VSTAR toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Video DLNA Server 2019 R1, 2019 R2, 2019 R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V3 toutes versions ant\u00e9rieures \u00e0 V2013.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)ODMS V12 toutes versions ant\u00e9rieures \u00e0 V12.2.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Nucleus ReadyStart V3 toutes versions ant\u00e9rieures \u00e0 V2012.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON powermanager V3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1980 Series toutes versions ant\u00e9rieures \u00e0 V1988",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)E V34 toutes versions ant\u00e9rieures \u00e0 V34.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1953 Series toutes versions ant\u00e9rieures \u00e0 V1973.3700",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PSS(R)E V35 toutes versions ant\u00e9rieures \u00e0 V35.3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
},
{
"name": "CVE-2021-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31881"
},
{
"name": "CVE-2020-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
},
{
"name": "CVE-2021-42026",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42026"
},
{
"name": "CVE-2021-37734",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37734"
},
{
"name": "CVE-2021-42025",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42025"
},
{
"name": "CVE-2021-37732",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37732"
},
{
"name": "CVE-2021-31888",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31888"
},
{
"name": "CVE-2020-27736",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
},
{
"name": "CVE-2021-31885",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
},
{
"name": "CVE-2021-31887",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31887"
},
{
"name": "CVE-2020-10053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10053"
},
{
"name": "CVE-2021-37735",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37735"
},
{
"name": "CVE-2021-41533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41533"
},
{
"name": "CVE-2021-25663",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25663"
},
{
"name": "CVE-2021-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31884"
},
{
"name": "CVE-2021-42015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42015"
},
{
"name": "CVE-2021-40366",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40366"
},
{
"name": "CVE-2020-15795",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
},
{
"name": "CVE-2021-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31882"
},
{
"name": "CVE-2021-25664",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25664"
},
{
"name": "CVE-2021-41057",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41057"
},
{
"name": "CVE-2021-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37207"
},
{
"name": "CVE-2021-40358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40358"
},
{
"name": "CVE-2020-10052",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10052"
},
{
"name": "CVE-2021-37726",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37726"
},
{
"name": "CVE-2020-10054",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10054"
},
{
"name": "CVE-2021-41535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41535"
},
{
"name": "CVE-2021-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37727"
},
{
"name": "CVE-2021-27393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27393"
},
{
"name": "CVE-2021-31346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
},
{
"name": "CVE-2021-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40364"
},
{
"name": "CVE-2020-27738",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
},
{
"name": "CVE-2021-31889",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
},
{
"name": "CVE-2021-42021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42021"
},
{
"name": "CVE-2021-31883",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31883"
},
{
"name": "CVE-2021-41538",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41538"
},
{
"name": "CVE-2021-40359",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40359"
},
{
"name": "CVE-2021-31886",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31886"
},
{
"name": "CVE-2021-41534",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41534"
},
{
"name": "CVE-2021-31890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
},
{
"name": "CVE-2021-37730",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37730"
},
{
"name": "CVE-2021-31345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
},
{
"name": "CVE-2020-27737",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
},
{
"name": "CVE-2021-31344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
},
{
"name": "CVE-2021-25677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
}
],
"initial_release_date": "2021-11-09T00:00:00",
"last_revision_date": "2021-11-09T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-854",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-703715 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-840188 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-362164 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-044112 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-328042 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-328042.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-917476 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917476.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-114589 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-201384 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-537983 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-779699 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-779699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-580693 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-580693.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740908 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-740908.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145157 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-145157.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-338732 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-338732.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-755517 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 9 novembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
}
]
}
FKIE_CVE-2021-27393
Vulnerability from fkie_nvd - Published: 2021-04-22 21:15 - Updated: 2024-11-21 05:57
Severity ?
Summary
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | nucleus_net | * | |
| siemens | nucleus_readystart_v3 | * | |
| siemens | nucleus_source_code | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68638787-E37D-483F-8E83-51C9A52ECC8D",
"versionEndExcluding": "2013.08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53A38C64-612A-4BC5-83D5-D3FA1C90E0F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2013.08), Nucleus Source Code (Versiones que incluyen los m\u00f3dulos DNS afectados). El cliente DNS no aleatoriza correctamente los n\u00fameros de puerto UDP de las peticiones DNS. Esto podr\u00eda permitir a un atacante envenenar la cach\u00e9 DNS o falsificar la resoluci\u00f3n DNS."
}
],
"id": "CVE-2021-27393",
"lastModified": "2024-11-21T05:57:54.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-22T21:15:10.393",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-X7X4-R59J-H6W9
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI?
Details
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
Severity ?
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-27393"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-22T21:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions \u003c V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.",
"id": "GHSA-x7x4-r59j-h6w9",
"modified": "2022-05-24T17:48:18Z",
"published": "2022-05-24T17:48:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27393"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2021-27393
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-27393",
"description": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.",
"id": "GSD-2021-27393"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-27393"
],
"details": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.",
"id": "GSD-2021-27393",
"modified": "2023-12-13T01:23:35.780529Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nucleus NET",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Nucleus ReadyStart V3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2013.08"
}
]
}
},
{
"product_name": "Nucleus Source Code",
"version": {
"version_data": [
{
"version_value": "Versions including affected DNS modules"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-330: Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2013.08",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27393"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-04-22T19:38Z",
"publishedDate": "2021-04-22T21:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…