ID

VAR-202108-1048


CVE

CVE-2021-31338


TITLE

SINEMA Remote Connect Client  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012376

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device. SINEMA Remote Connect Client Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SINEMA Remote Connect Server is a set of remote network management platform of German Siemens (Siemens). The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network

Trust: 1.8

sources: NVD: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // VULHUB: VHN-391086 // VULMON: CVE-2021-31338

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connectscope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:sinema remote connectscope:eqversion:3.0

Trust: 1.0

vendor:シーメンスmodel:sinema remote connect clientscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect clientscope:eqversion:3.0 sp1

Trust: 0.8

sources: JVNDB: JVNDB-2021-012376 // NVD: CVE-2021-31338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-31338
value: HIGH

Trust: 1.0

NVD: CVE-2021-31338
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-1679
value: HIGH

Trust: 0.6

VULHUB: VHN-391086
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-31338
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-31338
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-391086
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-31338
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-31338
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-391086 // VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679 // NVD: CVE-2021-31338

PROBLEMTYPE DATA

problemtype:CWE-15

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012376 // NVD: CVE-2021-31338

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-1679

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1679

PATCH

title:SSA-816035url:https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf

Trust: 0.8

title:SINEMA Remote Connect Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160599

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=fca44ead56f8a2ad37bac49a2ac59b6c

Trust: 0.1

sources: VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679

EXTERNAL IDS

db:NVDid:CVE-2021-31338

Trust: 3.4

db:SIEMENSid:SSA-816035

Trust: 1.8

db:JVNDBid:JVNDB-2021-012376

Trust: 0.8

db:CNNVDid:CNNVD-202108-1679

Trust: 0.7

db:VULHUBid:VHN-391086

Trust: 0.1

db:VULMONid:CVE-2021-31338

Trust: 0.1

sources: VULHUB: VHN-391086 // VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679 // NVD: CVE-2021-31338

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-31338

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-816035.txt

Trust: 0.1

sources: VULHUB: VHN-391086 // VULMON: CVE-2021-31338 // JVNDB: JVNDB-2021-012376 // CNNVD: CNNVD-202108-1679 // NVD: CVE-2021-31338

SOURCES

db:VULHUBid:VHN-391086
db:VULMONid:CVE-2021-31338
db:JVNDBid:JVNDB-2021-012376
db:CNNVDid:CNNVD-202108-1679
db:NVDid:CVE-2021-31338

LAST UPDATE DATE

2024-08-14T14:31:39.946000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-391086date:2021-08-26T00:00:00
db:VULMONid:CVE-2021-31338date:2021-08-26T00:00:00
db:JVNDBid:JVNDB-2021-012376date:2022-08-30T05:33:00
db:CNNVDid:CNNVD-202108-1679date:2021-08-27T00:00:00
db:NVDid:CVE-2021-31338date:2021-08-26T11:52:17.950

SOURCES RELEASE DATE

db:VULHUBid:VHN-391086date:2021-08-19T00:00:00
db:VULMONid:CVE-2021-31338date:2021-08-19T00:00:00
db:JVNDBid:JVNDB-2021-012376date:2022-08-30T00:00:00
db:CNNVDid:CNNVD-202108-1679date:2021-08-19T00:00:00
db:NVDid:CVE-2021-31338date:2021-08-19T16:15:12.243