Lucene search

SiemensCVE-2021-27393

HistoryApr 22, 2021 - 9:15 p.m.

CVE-2021-27393

2021-04-2221:15:10

CWE-330

siemens

web.nvd.nist.gov

nucleus

net

vulnerability

dns

client

udp port

dns cache

spoofing

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Affected configurations

Nvd

Node

siemensnucleus_net

siemensnucleus_readystart_v3Range<2013.08

siemensnucleus_source_codeMatch-

VendorProductVersionCPE
siemensnucleus_net*cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
siemensnucleus_readystart_v3*cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
siemensnucleus_source_code-cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	nucleus_net	*	cpe:2.3:a:siemens:nucleus_net::::::::
siemens	nucleus_readystart_v3	*	cpe:2.3:a:siemens:nucleus_readystart_v3::::::::
siemens	nucleus_source_code	-	cpe:2.3:a:siemens:nucleus_source_code:-:::::::*

CNA Affected

[
  {
    "product": "Nucleus NET",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Nucleus ReadyStart V3",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2013.08"
      }
    ]
  },
  {
    "product": "Nucleus Source Code",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "Versions including affected DNS modules"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

35.9%

JSON

Related for CVE-2021-27393