All the vulnerabilites related to Siemens - Capital VSTAR
cve-2021-31884
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf | x_refsource_MISC | |
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | APOGEE MBC (PPC) (BACnet) |
Version: All versions |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "APOGEE MBC (PPC) (BACnet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "APOGEE MBC (PPC) (P2 Ethernet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "APOGEE MEC (PPC) (BACnet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "APOGEE MEC (PPC) (P2 Ethernet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "APOGEE PXC Compact (BACnet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.5.4" } ] }, { "product": "APOGEE PXC Compact (P2 Ethernet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8.19" } ] }, { "product": "APOGEE PXC Modular (BACnet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.5.4" } ] }, { "product": "APOGEE PXC Modular (P2 Ethernet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.8.19" } ] }, { "product": "Capital VSTAR", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions with enabled Ethernet options" } ] }, { "product": "Desigo PXC00-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC00-U", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC001-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC100-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC12-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC128-U", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC200-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC22-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC22.1-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC36.1-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC50-E.D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXC64-U", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Desigo PXM20-E", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] }, { "product": "Nucleus NET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "Nucleus ReadyStart V3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2017.02.4" } ] }, { "product": "Nucleus Source Code", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "TALON TC Compact (BACnet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.5.4" } ] }, { "product": "TALON TC Modular (BACnet)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.5.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-170", "description": "CWE-170: Improper Null Termination", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:46:33", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-31884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "APOGEE MBC (PPC) (BACnet)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "APOGEE MBC (PPC) (P2 Ethernet)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "APOGEE MEC (PPC) (BACnet)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "APOGEE MEC (PPC) (P2 Ethernet)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "APOGEE PXC Compact (BACnet)", "version": { "version_data": [ { "version_value": "All versions \u003c V3.5.4" } ] } }, { "product_name": "APOGEE PXC Compact (P2 Ethernet)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.8.19" } ] } }, { "product_name": "APOGEE PXC Modular (BACnet)", "version": { "version_data": [ { "version_value": "All versions \u003c V3.5.4" } ] } }, { "product_name": "APOGEE PXC Modular (P2 Ethernet)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.8.19" } ] } }, { "product_name": "Capital VSTAR", "version": { "version_data": [ { "version_value": "All versions with enabled Ethernet options" } ] } }, { "product_name": "Desigo PXC00-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC00-U", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC001-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC100-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC12-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC128-U", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC200-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC22-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC22.1-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC36.1-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC50-E.D", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXC64-U", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Desigo PXM20-E", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.3 and \u003c V6.30.016" } ] } }, { "product_name": "Nucleus NET", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "Nucleus ReadyStart V3", "version": { "version_data": [ { "version_value": "All versions \u003c V2017.02.4" } ] } }, { "product_name": "Nucleus Source Code", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "TALON TC Compact (BACnet)", "version": { "version_data": [ { "version_value": "All versions \u003c V3.5.4" } ] } }, { "product_name": "TALON TC Modular (BACnet)", "version": { "version_data": [ { "version_value": "All versions \u003c V3.5.4" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-170: Improper Null Termination" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-31884", "datePublished": "2021-11-09T11:31:57", "dateReserved": "2021-04-29T00:00:00", "dateUpdated": "2024-08-03T23:10:30.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202104-1830
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services.
Siemens Nucleus products have security vulnerabilities. An attacker can use the vulnerability to put the function into infinity by providing an arbitrary length value. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1830", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.4" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "nucleus readystart v4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "vstar", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus source code", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus net", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus readystart", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4\u003cv4.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "NVD", "id": "CVE-2021-25664" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-993" } ], "trust": 0.6 }, "cve": "CVE-2021-25664", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-25664", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2021-28696", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-25664", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25664", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-25664", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-28696", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-993", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-25664", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "VULMON", "id": "CVE-2021-25664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-993" }, { "db": "NVD", "id": "CVE-2021-25664" }, { "db": "NVD", "id": "CVE-2021-25664" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services. \n\r\n\r\nSiemens Nucleus products have security vulnerabilities. An attacker can use the vulnerability to put the function into infinity by providing an arbitrary length value. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-25664" }, { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-25664" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-25664", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-248289", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-21-103-05", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2021-28696", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1245", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-993", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-25664", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "VULMON", "id": "CVE-2021-25664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-993" }, { "db": "NVD", "id": "CVE-2021-25664" } ] }, "id": "VAR-202104-1830", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" } ], "trust": 1.1225228600000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" } ] }, "last_update_date": "2024-11-23T21:31:54.540000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Nucleus product IPv6 stack denial of service vulnerability (CNVD-2021-28696)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/258471" }, { "title": "siemens Nucleus Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147374" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2e667a20dc904cea13ad0154c0461a55" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "VULMON", "id": "CVE-2021-25664" }, { "db": "CNNVD", "id": "CNNVD-202104-993" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-25664" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1245" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25664" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-248289.txt" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "VULMON", "id": "CVE-2021-25664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-993" }, { "db": "NVD", "id": "CVE-2021-25664" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-28696" }, { "db": "VULMON", "id": "CVE-2021-25664" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-993" }, { "db": "NVD", "id": "CVE-2021-25664" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-28696" }, { "date": "2021-04-22T00:00:00", "db": "VULMON", "id": "CVE-2021-25664" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-993" }, { "date": "2021-04-22T21:15:09.990000", "db": "NVD", "id": "CVE-2021-25664" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-28696" }, { "date": "2021-04-30T00:00:00", "db": "VULMON", "id": "CVE-2021-25664" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-11-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-993" }, { "date": "2024-11-21T05:55:14.957000", "db": "NVD", "id": "CVE-2021-25664" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-993" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus product IPv6 stack denial of service vulnerability (CNVD-2021-28696)", "sources": [ { "db": "CNVD", "id": "CNVD-2021-28696" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-993" } ], "trust": 1.2 } }
var-202111-1612
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1612", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2014.12" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31345" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" } ], "trust": 0.6 }, "cve": "CVE-2021-31345", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-31345", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31345", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31345", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31345", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31345", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-853", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" }, { "db": "NVD", "id": "CVE-2021-31345" }, { "db": "NVD", "id": "CVE-2021-31345" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)", "sources": [ { "db": "NVD", "id": "CVE-2021-31345" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31345", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-845392", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-013-03", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010910", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011803", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0094", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-853", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" }, { "db": "NVD", "id": "CVE-2021-31345" } ] }, "id": "VAR-202111-1612", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T21:00:09.032000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus ReadyStart Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178542" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1284", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31345" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://source.android.com/security/bulletin/2022-01-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0094" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31345" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011803" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010910" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" }, { "db": "NVD", "id": "CVE-2021-31345" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-853" }, { "db": "NVD", "id": "CVE-2021-31345" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-853" }, { "date": "2021-11-09T12:15:09.143000", "db": "NVD", "id": "CVE-2021-31345" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-853" }, { "date": "2024-10-08T09:15:04.067000", "db": "NVD", "id": "CVE-2021-31345" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-853" } ], "trust": 0.6 } }
var-202102-1448
Vulnerability from variot
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. Nucleus NET , Nucleus ReadyStart , PLUSCONTROL 1st Gen Exists in unspecified vulnerabilities.Information may be tampered with. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device.
Siemens Nucleus NET has security vulnerabilities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202102-1448", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus net", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2012.12" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "pluscontrol 1st gen", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus net", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus net", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v5.2" }, { "model": "nucleus readystart for arm,mips,and ppc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2012.12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "NVD", "id": "CVE-2020-28388" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "and Amine Amri of Forescout Research Labs reported these vulnerabilities to CISA., Stanislav Dashevskyi,Daniel dos Santos, Jos Wetzels", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-881" } ], "trust": 0.6 }, "cve": "CVE-2020-28388", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-28388", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2021-11834", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-28388", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-28388", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-28388", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-28388", "trust": 1.0, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2020-28388", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2020-28388", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2021-11834", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202102-881", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-28388", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "VULMON", "id": "CVE-2020-28388" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "CNNVD", "id": "CNNVD-202102-881" }, { "db": "NVD", "id": "CVE-2020-28388" }, { "db": "NVD", "id": "CVE-2020-28388" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.20), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.20), Nucleus NET (All versions \u003c V5.2), Nucleus ReadyStart V3 (All versions \u003c V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.5), TALON TC Modular (BACnet) (All versions \u003c V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. Nucleus NET , Nucleus ReadyStart , PLUSCONTROL 1st Gen Exists in unspecified vulnerabilities.Information may be tampered with. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. \n\r\n\r\nSiemens Nucleus NET has security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2020-28388" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "VULMON", "id": "CVE-2020-28388" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-28388", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-362164", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-436469", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-344238", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-068-08", "trust": 1.4 }, { "db": "SIEMENS", "id": "SSA-180579", "trust": 1.0 }, { "db": "JVN", "id": "JVNVU91083521", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU90767599", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU91561630", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93441670", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-22-349-14", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-015980", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-11834", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0853", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0538", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-042-01", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202102-881", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-10", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-28388", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "VULMON", "id": "CVE-2020-28388" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "CNNVD", "id": "CNNVD-202102-881" }, { "db": "NVD", "id": "CVE-2020-28388" } ] }, "id": "VAR-202102-1448", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" } ], "trust": 0.9393398399999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" } ] }, "last_update_date": "2024-11-23T20:57:34.216000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-362164 Siemens\u00a0Security\u00a0Advisory", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf" }, { "title": "Patch for Siemens Nucleus NET predictable initial sequence vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/248776" }, { "title": "Multiple Nucleus product Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=141302" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=864fdb86041bc2144f114e7ec91e8aa5" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec5d325ed2cb9493722dc92d15dd7d3b" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "VULMON", "id": "CVE-2020-28388" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "CNNVD", "id": "CNNVD-202102-881" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-342", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "NVD", "id": "CVE-2020-28388" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu91083521" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93441670" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90767599" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91561630/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28388" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-14" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-08" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0853" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-08" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0538" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-042-01" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/342.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-10" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "VULMON", "id": "CVE-2020-28388" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "CNNVD", "id": "CNNVD-202102-881" }, { "db": "NVD", "id": "CVE-2020-28388" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-11834" }, { "db": "VULMON", "id": "CVE-2020-28388" }, { "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "db": "CNNVD", "id": "CNNVD-202102-881" }, { "db": "NVD", "id": "CVE-2020-28388" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-22T00:00:00", "db": "CNVD", "id": "CNVD-2021-11834" }, { "date": "2021-02-09T00:00:00", "db": "VULMON", "id": "CVE-2020-28388" }, { "date": "2021-10-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "date": "2021-02-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-881" }, { "date": "2021-02-09T18:15:34.590000", "db": "NVD", "id": "CVE-2020-28388" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-12T00:00:00", "db": "CNVD", "id": "CNVD-2021-11834" }, { "date": "2022-12-13T00:00:00", "db": "VULMON", "id": "CVE-2020-28388" }, { "date": "2024-09-12T07:14:00", "db": "JVNDB", "id": "JVNDB-2020-015980" }, { "date": "2022-12-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202102-881" }, { "date": "2024-11-21T05:22:42.130000", "db": "NVD", "id": "CVE-2020-28388" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-881" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015980" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202102-881" } ], "trust": 0.6 } }
var-202111-1608
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1608", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.1" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31883" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" } ], "trust": 0.6 }, "cve": "CVE-2021-31883", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-31883", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31883", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-31883", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31883", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31883", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-847", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" }, { "db": "NVD", "id": "CVE-2021-31883" }, { "db": "NVD", "id": "CVE-2021-31883" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013)", "sources": [ { "db": "NVD", "id": "CVE-2021-31883" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31883", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-847", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" }, { "db": "NVD", "id": "CVE-2021-31883" } ] }, "id": "VAR-202111-1608", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T21:22:58.310000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus ReadyStart Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174354" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31883" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" }, { "db": "NVD", "id": "CVE-2021-31883" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-847" }, { "db": "NVD", "id": "CVE-2021-31883" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-847" }, { "date": "2021-11-09T12:15:09.383000", "db": "NVD", "id": "CVE-2021-31883" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-847" }, { "date": "2024-10-08T09:15:05.633000", "db": "NVD", "id": "CVE-2021-31883" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus ReadyStart Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-847" } ], "trust": 0.6 } }
var-202001-1848
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. Several Siemens products contain input validation vulnerabilities.Information is falsified and denial of service (DoS) May be in a state. Nucleus RTOS provides a highly scalable, microkernel-based, real-time operating system designed for scalability and reliability in systems spanning aerospace, industrial, and medical applications.
The Siemens Mentor Nucleus Networking Module has a security vulnerability. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1848", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus source code", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "*" }, { "model": "nucleus safetycert", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "*" }, { "model": "nucleus rtos", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "*" }, { "model": "desigo pxc00-u", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigo pxc00-u", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "desigo pxc22.1-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigo pxc22-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "apogee modular building controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8.2" }, { "model": "desigo pxc00-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigo pxc00-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "simotics connect 400", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "0.3.0.95" }, { "model": "nucleus readystart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.2" }, { "model": "desigo pxc22-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigopxc128-u", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigopxm20-e", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigo pxc36.1-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigo pxc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "apogee modular equiment controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8.2" }, { "model": "desigopxc50-e.d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigo pxc001-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigo pxc001-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "desigo pxc12-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "desigo pxc12-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "desigo pxc36.1-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "desigopxc64-u", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigopxc200-e.d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigo pxm20", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.8.2" }, { "model": "desigo pxc22.1-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.00.327" }, { "model": "desigopxc100-e.d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "talon tc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "nucleus net", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus readystart", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus safetycert", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus source code", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "vstar", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus rtos", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus net", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus rtos", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus readystart for arm,mips,and ppc v2017.02.2", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus safetycert", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus source code", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "vstar", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "vstar", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart for arm mips and ppc nucleus2017.02.02 nucleus net patch", "scope": "lt", "trust": 0.2, "vendor": "siemens", "version": "v2017.02.2()" } ], "sources": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "NVD", "id": "CVE-2019-13939" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1004" } ], "trust": 0.6 }, "cve": "CVE-2019-13939", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.8, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CVE-2019-13939", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CNVD-2019-40512", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "40768cf9-1948-4815-8773-a73bf2de3c14", "impactScore": 7.8, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-13939", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-13939", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13939", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2019-13939", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-13939", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-40512", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201911-1004", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14", "trust": 0.2, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-13939", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "VULMON", "id": "CVE-2019-13939" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "CNNVD", "id": "CNNVD-201911-1004" }, { "db": "NVD", "id": "CVE-2019-13939" }, { "db": "NVD", "id": "CVE-2019-13939" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. Several Siemens products contain input validation vulnerabilities.Information is falsified and denial of service (DoS) May be in a state. Nucleus RTOS provides a highly scalable, microkernel-based, real-time operating system designed for scalability and reliability in systems spanning aerospace, industrial, and medical applications. \n\nThe Siemens Mentor Nucleus Networking Module has a security vulnerability. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack", "sources": [ { "db": "NVD", "id": "CVE-2019-13939" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "VULMON", "id": "CVE-2019-13939" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13939", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-434032", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-162506", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-20-105-06", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2019-40512", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201911-1004", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-014365", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.4317", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1316", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-318-01", "trust": 0.6 }, { "db": "IVD", "id": "40768CF9-1948-4815-8773-A73BF2DE3C14", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2019-13939", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "VULMON", "id": "CVE-2019-13939" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "CNNVD", "id": "CNNVD-201911-1004" }, { "db": "NVD", "id": "CVE-2019-13939" } ] }, "id": "VAR-202001-1848", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNVD", "id": "CNVD-2019-40512" } ], "trust": 1.2041140625 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNVD", "id": "CNVD-2019-40512" } ] }, "last_update_date": "2024-11-23T23:11:34.750000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-434032", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" }, { "title": "Patch for Unknown vulnerability in Siemens Mentor Nucleus Networking Module", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/189921" }, { "title": "Siemens Mentor Nucleus Multiple module input verification error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102969" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1d3485226953a78b85a97370300ecdef" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ac20b09bb530d9b8d4b71cc160e36049" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "VULMON", "id": "CVE-2019-13939" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "CNNVD", "id": "CNNVD-201911-1004" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "NVD", "id": "CVE-2019-13939" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13939" }, { "trust": 1.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-06" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-434032.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-162506.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1316/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4317/" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-318-01" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-105-06" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "VULMON", "id": "CVE-2019-13939" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "CNNVD", "id": "CNNVD-201911-1004" }, { "db": "NVD", "id": "CVE-2019-13939" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNVD", "id": "CNVD-2019-40512" }, { "db": "VULMON", "id": "CVE-2019-13939" }, { "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "db": "CNNVD", "id": "CNNVD-201911-1004" }, { "db": "NVD", "id": "CVE-2019-13939" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-14T00:00:00", "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "date": "2019-11-14T00:00:00", "db": "CNVD", "id": "CNVD-2019-40512" }, { "date": "2020-01-16T00:00:00", "db": "VULMON", "id": "CVE-2019-13939" }, { "date": "2020-02-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "date": "2019-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1004" }, { "date": "2020-01-16T16:15:16.277000", "db": "NVD", "id": "CVE-2019-13939" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-14T00:00:00", "db": "CNVD", "id": "CNVD-2019-40512" }, { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2019-13939" }, { "date": "2020-02-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014365" }, { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-1004" }, { "date": "2024-11-21T04:25:44.123000", "db": "NVD", "id": "CVE-2019-13939" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-1004" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014365" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "40768cf9-1948-4815-8773-a73bf2de3c14" }, { "db": "CNNVD", "id": "CNNVD-201911-1004" } ], "trust": 0.8 } }
var-202111-1610
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1610", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2012.08" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31881" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" } ], "trust": 0.6 }, "cve": "CVE-2021-31881", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-31881", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31881", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-31881", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31881", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31881", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-849", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" }, { "db": "NVD", "id": "CVE-2021-31881" }, { "db": "NVD", "id": "CVE-2021-31881" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)", "sources": [ { "db": "NVD", "id": "CVE-2021-31881" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-31881", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-849", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" }, { "db": "NVD", "id": "CVE-2021-31881" } ] }, "id": "VAR-202111-1610", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T21:14:25.166000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus ReadyStart Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174356" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31881" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31881" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" }, { "db": "NVD", "id": "CVE-2021-31881" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-849" }, { "db": "NVD", "id": "CVE-2021-31881" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-849" }, { "date": "2021-11-09T12:15:09.257000", "db": "NVD", "id": "CVE-2021-31881" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-849" }, { "date": "2024-10-08T09:15:04.740000", "db": "NVD", "id": "CVE-2021-31881" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus ReadyStart Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-849" } ], "trust": 0.6 } }
var-202111-1614
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1614", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.4" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31890" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" } ], "trust": 0.6 }, "cve": "CVE-2021-31890", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-31890", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31890", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31890", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31890", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31890", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-836", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" }, { "db": "NVD", "id": "CVE-2021-31890" }, { "db": "NVD", "id": "CVE-2021-31890" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0017)", "sources": [ { "db": "NVD", "id": "CVE-2021-31890" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31890", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-845392", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-223353", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2022.0094", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-013-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031013", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011803", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010910", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-836", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" }, { "db": "NVD", "id": "CVE-2021-31890" } ] }, "id": "VAR-202111-1614", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T22:30:23.900000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178538" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-240", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31890" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://source.android.com/security/bulletin/2022-01-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0094" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011803" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010910" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031013" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" }, { "db": "NVD", "id": "CVE-2021-31890" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-836" }, { "db": "NVD", "id": "CVE-2021-31890" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-836" }, { "date": "2021-11-09T12:15:09.743000", "db": "NVD", "id": "CVE-2021-31890" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-836" }, { "date": "2024-10-08T09:15:06.630000", "db": "NVD", "id": "CVE-2021-31890" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus ReadyStart Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-836" } ], "trust": 0.6 } }
var-202111-1607
Vulnerability from variot
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1607", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "desigo pxc12-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "desigo pxc36.1-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc64-u", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.1" }, { "model": "desigo pxc22-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc200-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc00-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc22.1-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "apogee pxc modular", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.5.4" }, { "model": "apogee pxc modular", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8.19" }, { "model": "talon tc compact", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.5.4" }, { "model": "desigo pxc100-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc22-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc00-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc001-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc128-u", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc200-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc50-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "talon tc modular", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.5.4" }, { "model": "desigo pxc128-u", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc50-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc100-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc001-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "apogee pxc compact", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8.19" }, { "model": "desigo pxc36.1-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "apogee pxc compact", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.5.4" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "desigo pxc00-u", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc12-e.d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "desigo pxc22.1-e.d", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "desigo pxm20-e", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "desigo pxc00-u", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "desigo pxc64-u", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.30.016" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "desigo pxm20-e", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31884" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" } ], "trust": 0.6 }, "cve": "CVE-2021-31884", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-31884", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31884", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31884", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202111-846", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" }, { "db": "NVD", "id": "CVE-2021-31884" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). The DHCP client application assumes that the data supplied with the \u201cHostname\u201d DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)", "sources": [ { "db": "NVD", "id": "CVE-2021-31884" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-31884", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-846", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" }, { "db": "NVD", "id": "CVE-2021-31884" } ] }, "id": "VAR-202111-1607", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41785447777777773 }, "last_update_date": "2024-08-14T12:26:13.797000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus ReadyStart Buffer error vulnerability fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=174352" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-170", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31884" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" }, { "db": "NVD", "id": "CVE-2021-31884" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-846" }, { "db": "NVD", "id": "CVE-2021-31884" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-846" }, { "date": "2021-11-09T12:15:09.437000", "db": "NVD", "id": "CVE-2021-31884" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-846" }, { "date": "2023-06-26T19:15:56.157000", "db": "NVD", "id": "CVE-2021-31884" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus ReadyStart Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-846" } ], "trust": 0.6 } }
var-202111-1606
Vulnerability from variot
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009). Several Siemens products contain vulnerabilities in accessing buffers with improper length values.Information may be obtained
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1606", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.4" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v4", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus readystart v3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "apogee modular equiment controller", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "talon tc modular", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "apogee modular building controller", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "apogee pxc modular", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "apogee pxc compact", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus net", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "nucleus source code", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "capital vstar", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "talon tc compact", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "NVD", "id": "CVE-2021-31885" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-845" } ], "trust": 0.6 }, "cve": "CVE-2021-31885", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-31885", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31885", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-31885", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31885", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-31885", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202111-845", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "CNNVD", "id": "CNNVD-202111-845" }, { "db": "NVD", "id": "CVE-2021-31885" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.19), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.19), Desigo PXC00-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC00-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC001-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC100-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC12-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC128-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC200-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC22.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC36.1-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC50-E.D (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXC64-U (All versions \u003e= V2.3 and \u003c V6.30.016), Desigo PXM20-E (All versions \u003e= V2.3 and \u003c V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.4), TALON TC Modular (BACnet) (All versions \u003c V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009). Several Siemens products contain vulnerabilities in accessing buffers with improper length values.Information may be obtained", "sources": [ { "db": "NVD", "id": "CVE-2021-31885" }, { "db": "JVNDB", "id": "JVNDB-2021-006566" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31885", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-845392", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "JVN", "id": "JVNVU98508242", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-006566", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-013-03", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011803", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-845", "trust": 0.6 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "CNNVD", "id": "CNNVD-202111-845" }, { "db": "NVD", "id": "CVE-2021-31885" } ] }, "id": "VAR-202111-1606", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-08-14T13:10:16.122000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0Nucleus\u00a0RTOS\u00a0based\u00a0APOGEE,\u00a0TALON\u00a0and\u00a0Desigo\u00a0PXC/PXM\u00a0Products", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "title": "Siemens Nucleus ReadyStart Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178540" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "CNNVD", "id": "CNNVD-202111-845" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-805", "trust": 1.0 }, { "problemtype": "Accessing the buffer with improper length values (CWE-805) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "NVD", "id": "CVE-2021-31885" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98508242/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31885" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011803" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "CNNVD", "id": "CNNVD-202111-845" }, { "db": "NVD", "id": "CVE-2021-31885" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "db": "CNNVD", "id": "CNNVD-202111-845" }, { "db": "NVD", "id": "CVE-2021-31885" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-845" }, { "date": "2021-11-09T12:15:09.487000", "db": "NVD", "id": "CVE-2021-31885" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-13T06:17:00", "db": "JVNDB", "id": "JVNDB-2021-006566" }, { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-845" }, { "date": "2022-05-20T13:15:12.843000", "db": "NVD", "id": "CVE-2021-31885" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-845" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in accessing buffers with improper length values in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006566" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-845" } ], "trust": 0.6 } }
var-202111-1609
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1609", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.1" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31882" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" } ], "trust": 0.6 }, "cve": "CVE-2021-31882", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-31882", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31882", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2021-31882", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31882", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31882", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202111-850", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" }, { "db": "NVD", "id": "CVE-2021-31882" }, { "db": "NVD", "id": "CVE-2021-31882" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)", "sources": [ { "db": "NVD", "id": "CVE-2021-31882" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "NVD", "id": "CVE-2021-31882", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-850", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" }, { "db": "NVD", "id": "CVE-2021-31882" } ] }, "id": "VAR-202111-1609", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T21:17:07.111000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus ReadyStart Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174358" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31882" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31882" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" }, { "db": "NVD", "id": "CVE-2021-31882" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-850" }, { "db": "NVD", "id": "CVE-2021-31882" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-850" }, { "date": "2021-11-09T12:15:09.317000", "db": "NVD", "id": "CVE-2021-31882" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-850" }, { "date": "2024-10-08T09:15:05.170000", "db": "NVD", "id": "CVE-2021-31882" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus Buffer error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-850" } ], "trust": 0.6 } }
var-202111-1615
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1615", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.3" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31889" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" } ], "trust": 0.6 }, "cve": "CVE-2021-31889", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-31889", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31889", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31889", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31889", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31889", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-837", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" }, { "db": "NVD", "id": "CVE-2021-31889" }, { "db": "NVD", "id": "CVE-2021-31889" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015)", "sources": [ { "db": "NVD", "id": "CVE-2021-31889" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31889", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-845392", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-223353", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2022.0094", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-013-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011803", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031014", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010910", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-837", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" }, { "db": "NVD", "id": "CVE-2021-31889" } ] }, "id": "VAR-202111-1615", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T20:42:01.527000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "siemens Nucleus Fixes for digital error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185268" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-191", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31889" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://source.android.com/security/bulletin/2022-01-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0094" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011803" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010910" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031014" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" }, { "db": "NVD", "id": "CVE-2021-31889" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-837" }, { "db": "NVD", "id": "CVE-2021-31889" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-837" }, { "date": "2021-11-09T12:15:09.693000", "db": "NVD", "id": "CVE-2021-31889" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-837" }, { "date": "2024-10-08T09:15:06.100000", "db": "NVD", "id": "CVE-2021-31889" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus Digital error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-837" } ], "trust": 0.6 } }
var-202111-1611
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1611", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.1" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31346" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" } ], "trust": 0.6 }, "cve": "CVE-2021-31346", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-31346", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-31346", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2021-31346", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31346", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31346", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202111-851", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" }, { "db": "NVD", "id": "CVE-2021-31346" }, { "db": "NVD", "id": "CVE-2021-31346" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)", "sources": [ { "db": "NVD", "id": "CVE-2021-31346" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31346", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-845392", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-223353", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "AUSCERT", "id": "ESB-2022.0094", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-013-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031013", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011803", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010910", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-851", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" }, { "db": "NVD", "id": "CVE-2021-31346" } ] }, "id": "VAR-202111-1611", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T21:00:05.053000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "siemens Nucleus Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185269" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-1284", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31346" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://source.android.com/security/bulletin/2022-01-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0094" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31346" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2022-37172" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011803" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010910" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031013" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" }, { "db": "NVD", "id": "CVE-2021-31346" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-851" }, { "db": "NVD", "id": "CVE-2021-31346" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-851" }, { "date": "2021-11-09T12:15:09.200000", "db": "NVD", "id": "CVE-2021-31346" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-851" }, { "date": "2024-10-08T09:15:04.353000", "db": "NVD", "id": "CVE-2021-31346" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-851" } ], "trust": 0.6 } }
var-202111-1613
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1613", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart v4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "apogee modular building controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc compact", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "apogee pxc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "talon tc modular", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus readystart v3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.1" }, { "model": "apogee modular equiment controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31344" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" } ], "trust": 0.6 }, "cve": "CVE-2021-31344", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-31344", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31344", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31344", "trust": 1.0, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2021-31344", "trust": 1.0, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202111-855", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" }, { "db": "NVD", "id": "CVE-2021-31344" }, { "db": "NVD", "id": "CVE-2021-31344" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)", "sources": [ { "db": "NVD", "id": "CVE-2021-31344" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31344", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-620288", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-044112", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-845392", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-223353", "trust": 1.6 }, { "db": "SIEMENS", "id": "SSA-114589", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-21-350-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-313-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-21-315-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-013-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-069-02", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021121648", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031013", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111003", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011803", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3833", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202111-855", "trust": 0.6 } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" }, { "db": "NVD", "id": "CVE-2021-31344" } ] }, "id": "VAR-202111-1613", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544069276 }, "last_update_date": "2024-10-08T22:03:22.987000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Siemens Nucleus ReadyStart Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178543" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-31344" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3833" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-069-02" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3874" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31344" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4289" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011803" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021121648" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-315-07" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031013" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-313-03" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" }, { "db": "NVD", "id": "CVE-2021-31344" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNNVD", "id": "CNNVD-202111-855" }, { "db": "NVD", "id": "CVE-2021-31344" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-855" }, { "date": "2021-11-09T12:15:09.087000", "db": "NVD", "id": "CVE-2021-31344" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202111-855" }, { "date": "2024-10-08T09:15:03.490000", "db": "NVD", "id": "CVE-2021-31344" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus ReadyStart Security hole", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202111-855" } ], "trust": 0.6 } }
var-202104-1925
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services.
Siemens Nucleus products have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1925", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus readystart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "nucleus readystart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.4" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "vstar", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus source code", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus net", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus readystart", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4\u003cv4.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-995" } ], "trust": 0.6 }, "cve": "CVE-2021-25663", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-25663", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2021-28697", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-25663", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25663", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-25663", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-28697", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-995", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-25663", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services. \n\r\n\r\nSiemens Nucleus products have security vulnerabilities. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-25663" }, { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-25663" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-248289", "trust": 2.3 }, { "db": "NVD", "id": "CVE-2021-25663", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-21-103-05", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2021-28697", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1245", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-995", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-25663", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "id": "VAR-202104-1925", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" } ], "trust": 1.1225228600000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" } ] }, "last_update_date": "2024-11-23T20:09:48.510000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Nucleus product IPv6 stack denial of service vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/258466" }, { "title": "siemens Nucleus Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147375" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2e667a20dc904cea13ad0154c0461a55" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-995" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-25663" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1245" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25663" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-248289.txt" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-28697" }, { "date": "2021-04-22T00:00:00", "db": "VULMON", "id": "CVE-2021-25663" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-995" }, { "date": "2021-04-22T21:15:09.957000", "db": "NVD", "id": "CVE-2021-25663" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-28697" }, { "date": "2021-04-30T00:00:00", "db": "VULMON", "id": "CVE-2021-25663" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-11-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-995" }, { "date": "2024-11-21T05:55:14.813000", "db": "NVD", "id": "CVE-2021-25663" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-995" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus product IPv6 stack denial of service vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" } ], "trust": 1.2 } }