ID

VAR-202104-1925


CVE

CVE-2021-25663


TITLE

Siemens Nucleus product IPv6 stack denial of service vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-28697

DESCRIPTION

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services. Siemens Nucleus products have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-25663 // CNVD: CNVD-2021-28697 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-25663

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-28697

AFFECTED PRODUCTS

vendor:siemensmodel:nucleus readystartscope:ltversion:4.1.0

Trust: 1.0

vendor:siemensmodel:nucleus source codescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:nucleus readystartscope:ltversion:2017.02.4

Trust: 1.0

vendor:siemensmodel:capital vstarscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:nucleus netscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:vstarscope: - version: -

Trust: 0.6

vendor:siemensmodel:nucleus source codescope: - version: -

Trust: 0.6

vendor:siemensmodel:nucleus netscope: - version: -

Trust: 0.6

vendor:siemensmodel:nucleus readystartscope: - version: -

Trust: 0.6

vendor:siemensmodel:nucleusscope:eqversion:4<v4.1.0

Trust: 0.6

sources: CNVD: CNVD-2021-28697 // NVD: CVE-2021-25663

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25663
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2021-25663
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-28697
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-995
value: HIGH

Trust: 0.6

VULMON: CVE-2021-25663
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-25663
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-28697
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25663
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995 // NVD: CVE-2021-25663 // NVD: CVE-2021-25663

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.0

sources: NVD: CVE-2021-25663

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-995

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995

PATCH

title:Patch for Siemens Nucleus product IPv6 stack denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/258466

Trust: 0.6

title:siemens Nucleus Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147375

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2e667a20dc904cea13ad0154c0461a55

Trust: 0.1

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-995

EXTERNAL IDS

db:SIEMENSid:SSA-248289

Trust: 2.3

db:NVDid:CVE-2021-25663

Trust: 2.3

db:ICS CERTid:ICSA-21-103-05

Trust: 1.7

db:CNVDid:CNVD-2021-28697

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021041414

Trust: 0.6

db:AUSCERTid:ESB-2021.1245

Trust: 0.6

db:CNNVDid:CNNVD-202104-995

Trust: 0.6

db:VULMONid:CVE-2021-25663

Trust: 0.1

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995 // NVD: CVE-2021-25663

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf

Trust: 2.3

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/html/ssa-248289.html

Trust: 1.0

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041414

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1245

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-25663

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/835.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-248289.txt

Trust: 0.1

sources: CNVD: CNVD-2021-28697 // VULMON: CVE-2021-25663 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-995 // NVD: CVE-2021-25663

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202104-995

SOURCES

db:CNVDid:CNVD-2021-28697
db:VULMONid:CVE-2021-25663
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202104-995
db:NVDid:CVE-2021-25663

LAST UPDATE DATE

2024-11-23T20:09:48.510000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-28697date:2021-04-15T00:00:00
db:VULMONid:CVE-2021-25663date:2021-04-30T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202104-995date:2021-11-18T00:00:00
db:NVDid:CVE-2021-25663date:2024-11-21T05:55:14.813

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-28697date:2021-04-15T00:00:00
db:VULMONid:CVE-2021-25663date:2021-04-22T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202104-995date:2021-04-13T00:00:00
db:NVDid:CVE-2021-25663date:2021-04-22T21:15:09.957