ID

VAR-202103-0976


CVE

CVE-2021-25676


TITLE

plural  Siemens  Vulnerability in improperly limiting excessive authentication attempts in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-004475

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically. plural Siemens The product is vulnerable to improper restrictions on excessive authentication attempts.Denial of service (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio. Siemens SCALANCE and RUGGEDCOM devices have a denial of service vulnerability. An attacker can use the vulnerability to trigger a temporary denial of service

Trust: 2.16

sources: NVD: CVE-2021-25676 // JVNDB: JVNDB-2021-004475 // CNVD: CNVD-2021-16444

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-16444

AFFECTED PRODUCTS

vendor:siemensmodel:scalance m-800scope:eqversion:6.3

Trust: 1.6

vendor:siemensmodel:scalance s615scope:eqversion:6.3

Trust: 1.6

vendor:siemensmodel:ruggedcom rm1224scope:eqversion:6.3

Trust: 1.6

vendor:siemensmodel:scalance sc-600scope:ltversion:2.1.3

Trust: 1.0

vendor:siemensmodel:scalance sc-600scope:gteversion:2.1

Trust: 1.0

vendor:シーメンスmodel:ruggedcom rm1224scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance s615scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m-800scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance sc-600scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance sc-600scope:gteversion:v2.1,<2.1.3

Trust: 0.6

sources: CNVD: CNVD-2021-16444 // JVNDB: JVNDB-2021-004475 // NVD: CVE-2021-25676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25676
value: HIGH

Trust: 1.0

NVD: CVE-2021-25676
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-16444
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-690
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-25676
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-16444
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25676
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-25676
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-16444 // JVNDB: JVNDB-2021-004475 // CNNVD: CNNVD-202103-690 // NVD: CVE-2021-25676

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inappropriate restriction of excessive authentication attempts (CWE-307) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004475 // NVD: CVE-2021-25676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-690

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-690

PATCH

title:SSA-296266url:https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf

Trust: 0.8

title:Siemens RUGGEDCOM Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144282

Trust: 0.6

sources: JVNDB: JVNDB-2021-004475 // CNNVD: CNNVD-202103-690

EXTERNAL IDS

db:NVDid:CVE-2021-25676

Trust: 3.0

db:ICS CERTid:ICSA-21-068-02

Trust: 2.4

db:SIEMENSid:SSA-296266

Trust: 2.2

db:JVNid:JVNVU93441670

Trust: 0.8

db:JVNDBid:JVNDB-2021-004475

Trust: 0.8

db:CNVDid:CNVD-2021-16444

Trust: 0.6

db:AUSCERTid:ESB-2021.0846

Trust: 0.6

db:CNNVDid:CNNVD-202103-690

Trust: 0.6

sources: CNVD: CNVD-2021-16444 // JVNDB: JVNDB-2021-004475 // CNNVD: CNNVD-202103-690 // NVD: CVE-2021-25676

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02

Trust: 2.4

url:https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-25676

Trust: 1.4

url:https://jvn.jp/vu/jvnvu93441670/

Trust: 0.8

url:https://vigilance.fr/vulnerability/siemens-ruggedcom-rm1224-denial-of-service-via-failed-ssh-authentication-34784

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0846

Trust: 0.6

sources: CNVD: CNVD-2021-16444 // JVNDB: JVNDB-2021-004475 // CNNVD: CNNVD-202103-690 // NVD: CVE-2021-25676

SOURCES

db:CNVDid:CNVD-2021-16444
db:JVNDBid:JVNDB-2021-004475
db:CNNVDid:CNNVD-202103-690
db:NVDid:CVE-2021-25676

LAST UPDATE DATE

2024-08-14T13:17:17.442000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-16444date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2021-004475date:2021-11-22T09:03:00
db:CNNVDid:CNNVD-202103-690date:2021-03-19T00:00:00
db:NVDid:CVE-2021-25676date:2021-04-20T17:41:15.860

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-16444date:2021-03-11T00:00:00
db:JVNDBid:JVNDB-2021-004475date:2021-11-22T00:00:00
db:CNNVDid:CNNVD-202103-690date:2021-03-09T00:00:00
db:NVDid:CVE-2021-25676date:2021-03-15T17:15:22.127