ID

VAR-202104-1828


CVE

CVE-2021-27393


TITLE

Siemens Nucleus product DNS module can predict UDP port number vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-28698

DESCRIPTION

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), and Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize the UDP port numbers of DNS requests. This could allow an attacker to poison the DNS cache or spoof DNS resolution. The Nucleus NET module contains a series of standards-compliant network and communication protocols, drivers and utilities that provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services. The DNS module of Siemens Nucleus products has security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.07

sources: NVD: CVE-2021-27393 // CNVD: CNVD-2021-28698 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-27393

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28698

AFFECTED PRODUCTS

vendor: siemens, model: nucleus net, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: nucleus source code, scope: eq, version: -

Trust: 1.0

vendor: siemens, model: nucleus readystart v3, scope: lt, version: 2013.08

Trust: 1.0

vendor: siemens, model: vstar, scope: -, version: -

Trust: 0.6

vendor: siemens, model: nucleus source code, scope: -, version: -

Trust: 0.6

vendor: siemens, model: nucleus rtos, scope: -, version: -

Trust: 0.6

vendor: siemens, model: nucleus net, scope: -, version: -

Trust: 0.6

vendor: siemens, model: nucleus readystart, scope: lt, version: v2013.08

Trust: 0.6

sources: CNVD: CNVD-2021-28698 // NVD: CVE-2021-27393

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-27393
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2021-28698
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-921
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-27393
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-27393
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-28698
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-27393
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-28698 // VULMON: CVE-2021-27393 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-921 // NVD: CVE-2021-27393

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.0

sources: NVD: CVE-2021-27393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-921

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Patch for Siemens Nucleus product DNS module can predict UDP port number vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/258426

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=05c4bed0fc8868101fc6066abbc9f1a5

Trust: 0.1

sources: CNVD: CNVD-2021-28698 // VULMON: CVE-2021-27393

EXTERNAL IDS

db: SIEMENS, id: SSA-201384

Trust: 2.3

db: NVD, id: CVE-2021-27393

Trust: 2.3

db: CNVD, id: CNVD-2021-28698

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: ICS CERT, id: ICSA-21-103-14

Trust: 0.6

db: CS-HELP, id: SB2021041408

Trust: 0.6

db: CNNVD, id: CNNVD-202104-921

Trust: 0.6

db: VULMON, id: CVE-2021-27393

Trust: 0.1

sources: CNVD: CNVD-2021-28698 // VULMON: CVE-2021-27393 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-921 // NVD: CVE-2021-27393

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf

Trust: 2.3

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-14

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041408

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-27393

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/330.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-201384.txt

Trust: 0.1

sources: CNVD: CNVD-2021-28698 // VULMON: CVE-2021-27393 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-921 // NVD: CVE-2021-27393

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202104-921

SOURCES

db: CNVD, id: CNVD-2021-28698
db: VULMON, id: CVE-2021-27393
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202104-921
db: NVD, id: CVE-2021-27393

LAST UPDATE DATE

2024-08-14T12:40:19.503000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-28698, date: 2021-04-15T00:00:00
db: VULMON, id: CVE-2021-27393, date: 2021-04-30T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202104-921, date: 2022-01-14T00:00:00
db: NVD, id: CVE-2021-27393, date: 2022-04-22T19:38:54.327

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-28698, date: 2021-04-15T00:00:00
db: VULMON, id: CVE-2021-27393, date: 2021-04-22T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202104-921, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-27393, date: 2021-04-22T21:15:10.393