Details of VAR-202108-1894

ID

VAR-202108-1894

CVE

CVE-2021-37164

TITLE

Nexus Control Panel out-of-bounds write vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-62178

DESCRIPTION

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-37164 // CNVD: CNVD-2021-62178 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-37164

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-62178

AFFECTED PRODUCTS

vendor:	swisslog healthcare	model:	hmi-3 control panel	scope:	lt	version:	7.2.5.7	Trust: 1.0
vendor:	swisslog	model:	healthcare nexus control panel	scope:	lt	version:	7.2.5.7	Trust: 0.6

sources: CNVD: CNVD-2021-62178 // NVD: CVE-2021-37164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37164
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2021-62178
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-085
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-37164
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-37164
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-62178
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-37164
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-62178 // VULMON: CVE-2021-37164 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-085 // NVD: CVE-2021-37164

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2021-37164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-085

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Patch for Nexus Control Panel out-of-bounds write vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/285996

Trust: 0.6

sources: CNVD: CNVD-2021-62178

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37164	Trust: 2.3
db:	ICS CERT	id:	ICSMA-21-215-01	Trust: 1.2
db:	CNVD	id:	CNVD-2021-62178	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2625	Trust: 0.6
db:	CS-HELP	id:	SB2021080306	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-085	Trust: 0.6
db:	VULMON	id:	CVE-2021-37164	Trust: 0.1

sources: CNVD: CNVD-2021-62178 // VULMON: CVE-2021-37164 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-085 // NVD: CVE-2021-37164

REFERENCES

url:	https://www.armis.com/pwnedpiper	Trust: 1.7
url:	https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37164-bulletin---off-by-three-stack-overflow-in-tcptxthread.pdf?rev=daf615075c71484c8059c906872a51e6&hash=1fcc1a5d921e231d71e6b95a9aa8b741	Trust: 1.7
url:	https://us-cert.cisa.gov/ics/advisories/icsma-21-215-01	Trust: 1.2
url:	https://www.swisslog-healthcare.com	Trust: 1.1
url:	https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=cve%20disclosures%20%20%20%20vulnerability%20name%20%2c%20%20cve-2021-37164%20%204%20more%20rows%20	Trust: 1.0
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=cve%20disclosures%20%20%20%20vulnerability%20name%20	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080306	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2625	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=cve%20disclosures%20%20%20%20vulnerability%20name%20,%20%20cve-2021-37164%20%204%20more%20rows%20	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-62178 // VULMON: CVE-2021-37164 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-085 // NVD: CVE-2021-37164

CREDITS

Barak Hadad and Ben Seri from Armis reported these vulnerabilities to Swisslog.

Trust: 0.6

sources: CNNVD: CNNVD-202108-085

SOURCES

db:	CNVD	id:	CNVD-2021-62178
db:	VULMON	id:	CVE-2021-37164
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-085
db:	NVD	id:	CVE-2021-37164

LAST UPDATE DATE

2024-08-14T12:07:50.602000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-62178	date:	2021-08-16T00:00:00
db:	VULMON	id:	CVE-2021-37164	date:	2021-08-10T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-085	date:	2021-08-11T00:00:00
db:	NVD	id:	CVE-2021-37164	date:	2023-11-07T03:36:55.393

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-62178	date:	2021-08-16T00:00:00
db:	VULMON	id:	CVE-2021-37164	date:	2021-08-02T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-085	date:	2021-08-02T00:00:00
db:	NVD	id:	CVE-2021-37164	date:	2021-08-02T13:15:07.830