Details of VAR-202108-1048

ID

VAR-202108-1048

CVE

CVE-2021-31338

TITLE

SINEMA Remote Connect Client Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012376

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. SINEMA Remote Connect Client Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEMA Remote Connect Server is a set of remote network management platform of German Siemens (Siemens). The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network

Trust: 1.8

sources: NVD: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // VULHUB: VHN-391086 // VULMON: CVE-2021-31338

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema remote connect	scope:	lt	version:	3.0	Trust: 1.0
vendor:	siemens	model:	sinema remote connect	scope:	eq	version:	3.0	Trust: 1.0
vendor:	シーメンス	model:	sinema remote connect client	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect client	scope:	eq	version:	3.0 sp1	Trust: 0.8

sources: JVNDB: JVNDB-2021-012376 // NVD: CVE-2021-31338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31338
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-31338
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-1679
value:	HIGH
Trust: 0.6
VULHUB:	VHN-391086
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-31338
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-31338
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-391086
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-31338
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31338
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-391086 // VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679 // NVD: CVE-2021-31338

PROBLEMTYPE DATA

problemtype:	CWE-15	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-012376 // NVD: CVE-2021-31338

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-1679

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1679

PATCH

title:	SSA-816035	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf	Trust: 0.8
title:	SINEMA Remote Connect Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160599	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=fca44ead56f8a2ad37bac49a2ac59b6c	Trust: 0.1

sources: VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31338	Trust: 3.4
db:	SIEMENS	id:	SSA-816035	Trust: 1.8
db:	JVNDB	id:	JVNDB-2021-012376	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1679	Trust: 0.7
db:	VULHUB	id:	VHN-391086	Trust: 0.1
db:	VULMON	id:	CVE-2021-31338	Trust: 0.1

sources: VULHUB: VHN-391086 // VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679 // NVD: CVE-2021-31338

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31338	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-816035.txt	Trust: 0.1

sources: VULHUB: VHN-391086 // VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679 // NVD: CVE-2021-31338

SOURCES

db:	VULHUB	id:	VHN-391086
db:	VULMON	id:	CVE-2021-31338
db:	JVNDB	id:	JVNDB-2021-012376
db:	CNNVD	id:	CNNVD-202108-1679
db:	NVD	id:	CVE-2021-31338

LAST UPDATE DATE

2024-08-14T14:31:39.946000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-391086	date:	2021-08-26T00:00:00
db:	VULMON	id:	CVE-2021-31338	date:	2021-08-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-012376	date:	2022-08-30T05:33:00
db:	CNNVD	id:	CNNVD-202108-1679	date:	2021-08-27T00:00:00
db:	NVD	id:	CVE-2021-31338	date:	2021-08-26T11:52:17.950

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-391086	date:	2021-08-19T00:00:00
db:	VULMON	id:	CVE-2021-31338	date:	2021-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-012376	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202108-1679	date:	2021-08-19T00:00:00
db:	NVD	id:	CVE-2021-31338	date:	2021-08-19T16:15:12.243