Details of VAR-202104-1925

ID

VAR-202104-1925

CVE

CVE-2021-25663

TITLE

Siemens Nucleus product IPv6 stack denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-28697

DESCRIPTION

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services. Siemens Nucleus products have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-25663 // CNVD: CNVD-2021-28697 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-25663

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-28697

AFFECTED PRODUCTS

vendor:	siemens	model:	nucleus readystart	scope:	lt	version:	4.1.0	Trust: 1.0
vendor:	siemens	model:	nucleus net	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	nucleus readystart	scope:	lt	version:	2017.02.4	Trust: 1.0
vendor:	siemens	model:	capital vstar	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	nucleus source code	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	vstar	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	nucleus source code	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	nucleus net	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	nucleus readystart	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	nucleus	scope:	eq	version:	4<v4.1.0	Trust: 0.6

sources: CNVD: CNVD-2021-28697 // NVD: CVE-2021-25663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25663
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2021-25663
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-28697
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-995
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-25663
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-25663
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-28697
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25663
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995 // NVD: CVE-2021-25663 // NVD: CVE-2021-25663

PROBLEMTYPE DATA

problemtype:

CWE-835

Trust: 1.0

sources: NVD: CVE-2021-25663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-995

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995

PATCH

title:	Patch for Siemens Nucleus product IPv6 stack denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/258466	Trust: 0.6
title:	siemens Nucleus Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147375	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2e667a20dc904cea13ad0154c0461a55	Trust: 0.1

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-995

EXTERNAL IDS

db:	SIEMENS	id:	SSA-248289	Trust: 2.3
db:	NVD	id:	CVE-2021-25663	Trust: 2.3
db:	ICS CERT	id:	ICSA-21-103-05	Trust: 1.7
db:	CNVD	id:	CNVD-2021-28697	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021041414	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1245	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-995	Trust: 0.6
db:	VULMON	id:	CVE-2021-25663	Trust: 0.1

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995 // NVD: CVE-2021-25663

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf	Trust: 2.3
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/html/ssa-248289.html	Trust: 1.0
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041414	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1245	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25663	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/835.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-248289.txt	Trust: 0.1

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995 // NVD: CVE-2021-25663

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202104-995

SOURCES

db:	CNVD	id:	CNVD-2021-28697
db:	VULMON	id:	CVE-2021-25663
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-995
db:	NVD	id:	CVE-2021-25663

LAST UPDATE DATE

2024-08-14T12:48:17.414000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-28697	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2021-25663	date:	2021-04-30T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-995	date:	2021-11-18T00:00:00
db:	NVD	id:	CVE-2021-25663	date:	2024-02-13T09:15:43.143

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-28697	date:	2021-04-15T00:00:00
db:	VULMON	id:	CVE-2021-25663	date:	2021-04-22T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-995	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-25663	date:	2021-04-22T21:15:09.957