Sign-up

ID

VAR-202109-1217


CVE

CVE-2021-37177


TITLE

Siemens SINEMA Remote Connect Server Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-71426 // CNNVD: CNNVD-202109-932

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. Siemens SINEMA Remote Connect Server is a set of remote network management platform of Siemens (Siemens) in Germany. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.88

sources: NVD: CVE-2021-37177 // JVNDB: JVNDB-2021-011707 // CNVD: CNVD-2021-71426 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-399007 // VULMON: CVE-2021-37177

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-71426

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.0

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:eqversion:3.0

Trust: 1.0

vendor:シーメンスmodel:sinema remote connect serverscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope:eqversion:3.0 sp2

Trust: 0.8

vendor:siemensmodel:sinema remote connect server sp2scope:ltversion:v3.0

Trust: 0.6

sources: CNVD: CNVD-2021-71426 // JVNDB: JVNDB-2021-011707 // NVD: CVE-2021-37177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37177
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-37177
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-71426
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202109-932
value: MEDIUM

Trust: 0.6

VULHUB: VHN-399007
value: LOW

Trust: 0.1

VULMON: CVE-2021-37177
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-37177
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-71426
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-399007
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37177
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37177
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-71426 // VULHUB: VHN-399007 // VULMON: CVE-2021-37177 // JVNDB: JVNDB-2021-011707 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-932 // NVD: CVE-2021-37177

PROBLEMTYPE DATA

problemtype:CWE-471

Trust: 1.1

problemtype:Modifying data that is assumed to be immutable (CWE-471) [ others ]

Trust: 0.8

sources: VULHUB: VHN-399007 // JVNDB: JVNDB-2021-011707 // NVD: CVE-2021-37177

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-932

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:SSA-334944url:https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf

Trust: 0.8

title:Patch for Siemens SINEMA Remote Connect Server Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/290871

Trust: 0.6

title:Siemens SINEMA Remote Connect Server Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163668

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=beb2786961a935a883573ee5ef3c7caa

Trust: 0.1

sources: CNVD: CNVD-2021-71426 // VULMON: CVE-2021-37177 // JVNDB: JVNDB-2021-011707 // CNNVD: CNNVD-202109-932

EXTERNAL IDS

db:NVDid:CVE-2021-37177

Trust: 4.0

db:SIEMENSid:SSA-334944

Trust: 2.4

db:ICS CERTid:ICSA-21-257-19

Trust: 1.4

db:JVNid:JVNVU96712416

Trust: 0.8

db:JVNDBid:JVNDB-2021-011707

Trust: 0.8

db:CNVDid:CNVD-2021-71426

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021091614

Trust: 0.6

db:CNNVDid:CNNVD-202109-932

Trust: 0.6

db:VULHUBid:VHN-399007

Trust: 0.1

db:VULMONid:CVE-2021-37177

Trust: 0.1

sources: CNVD: CNVD-2021-71426 // VULHUB: VHN-399007 // VULMON: CVE-2021-37177 // JVNDB: JVNDB-2021-011707 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-932 // NVD: CVE-2021-37177

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-37177

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96712416/

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-19

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091614

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-257-19

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/471.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-334944.txt

Trust: 0.1

sources: CNVD: CNVD-2021-71426 // VULHUB: VHN-399007 // VULMON: CVE-2021-37177 // JVNDB: JVNDB-2021-011707 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-932 // NVD: CVE-2021-37177

CREDITS

Sharon Brizinov from Claroty reported these vulnerabilities to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202109-932

SOURCES

db:CNVDid:CNVD-2021-71426
db:VULHUBid:VHN-399007
db:VULMONid:CVE-2021-37177
db:JVNDBid:JVNDB-2021-011707
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202109-932
db:NVDid:CVE-2021-37177

LAST UPDATE DATE

2024-08-14T12:34:25.041000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-71426date:2022-01-18T00:00:00
db:VULHUBid:VHN-399007date:2021-09-23T00:00:00
db:VULMONid:CVE-2021-37177date:2021-09-23T00:00:00
db:JVNDBid:JVNDB-2021-011707date:2022-08-09T02:38:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202109-932date:2021-09-24T00:00:00
db:NVDid:CVE-2021-37177date:2021-09-23T19:06:46.723

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-71426date:2021-09-15T00:00:00
db:VULHUBid:VHN-399007date:2021-09-14T00:00:00
db:VULMONid:CVE-2021-37177date:2021-09-14T00:00:00
db:JVNDBid:JVNDB-2021-011707date:2022-08-09T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202109-932date:2021-09-14T00:00:00
db:NVDid:CVE-2021-37177date:2021-09-14T11:15:25.540