ID

VAR-202110-0522


CVE

CVE-2021-41546


TITLE

Vulnerability in resource allocation without limits or throttling in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-013659

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. Multiple Siemens products contain vulnerabilities in the allocation of resources without limits or throttling, which may result in a denial-of-service (DoS) condition. ROX-based VPN endpoints and firewall devices are used to connect devices that operate in harsh environments, such as power facility substations and traffic control cabinets. The Siemens RUGGEDCOM ROX device has a denial of service vulnerability.

Trust: 2.25

sources: NVD: CVE-2021-41546 // JVNDB: JVNDB-2021-013659 // CNVD: CNVD-2021-77598 // VULMON: CVE-2021-41546

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-77598

AFFECTED PRODUCTS

vendor: siemens, model: ruggedcom rox rx1510, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx5000, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1501, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1524, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1511, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox mx5000, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1500, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1536, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1400, scope: lt, version: 2.14.1

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1512, scope: lt, version: 2.14.1

Trust: 1.0

vendor: シーメンス, model: ruggedcom rox rx1511, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1500, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox mx5000, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1501, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1536, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx5000, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1400, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1524, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1510, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: ruggedcom rox rx1512, scope: -, version: -

Trust: 0.8

vendor: siemens, model: ruggedcom rox rx5000, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox mx5000, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1400, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1500, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1501, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1510, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1511, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1512, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1524, scope: lt, version: v2.14.1

Trust: 0.6

vendor: siemens, model: ruggedcom rox rx1536, scope: lt, version: v2.14.1

Trust: 0.6

sources: CNVD: CNVD-2021-77598 // JVNDB: JVNDB-2021-013659 // NVD: CVE-2021-41546

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-41546
value: HIGH

Trust: 1.0

NVD: CVE-2021-41546
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-77598
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202110-773
value: HIGH

Trust: 0.6

VULMON: CVE-2021-41546
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-41546
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-77598
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-41546
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-41546
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-77598 // VULMON: CVE-2021-41546 // JVNDB: JVNDB-2021-013659 // CNNVD: CNNVD-202110-773 // NVD: CVE-2021-41546

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:CWE-770

Trust: 1.0

problemtype: Allocation of resources without limits or throttling (CWE-770) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013659 // NVD: CVE-2021-41546

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-773

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202110-773

PATCH

title: SSA-173565
url: https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf

Trust: 0.8

title: Patch for Siemens RUGGEDCOM ROX Device Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/293986

Trust: 0.6

title: Siemens Ruggedcom Rox Mx5000 Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165887

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=31d453959f7c1086ac70d4139a81aadc

Trust: 0.1

sources: CNVD: CNVD-2021-77598 // VULMON: CVE-2021-41546 // JVNDB: JVNDB-2021-013659 // CNNVD: CNNVD-202110-773

EXTERNAL IDS

db: NVD, id: CVE-2021-41546

Trust: 3.9

db: SIEMENS, id: SSA-173565

Trust: 2.3

db: ICS CERT, id: ICSA-21-287-08

Trust: 1.4

db: JVN, id: JVNVU95938083

Trust: 0.8

db: JVNDB, id: JVNDB-2021-013659

Trust: 0.8

db: CNVD, id: CNVD-2021-77598

Trust: 0.6

db: AUSCERT, id: ESB-2021.3444

Trust: 0.6

db: CS-HELP, id: SB2021101506

Trust: 0.6

db: CNNVD, id: CNNVD-202110-773

Trust: 0.6

db: VULMON, id: CVE-2021-41546

Trust: 0.1

sources: CNVD: CNVD-2021-77598 // VULMON: CVE-2021-41546 // JVNDB: JVNDB-2021-013659 // CNNVD: CNNVD-202110-773 // NVD: CVE-2021-41546

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-41546

Trust: 1.4

url:http://jvn.jp/vu/jvnvu95938083/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-08

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021101506

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-287-08

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3444

Trust: 0.6

url:https://vigilance.fr/vulnerability/ruggedcom-rox-denial-of-service-via-crashdump-files-36635

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://cert-portal.siemens.com/productcert/txt/ssa-173565.txt

Trust: 0.1

sources: CNVD: CNVD-2021-77598 // VULMON: CVE-2021-41546 // JVNDB: JVNDB-2021-013659 // CNNVD: CNNVD-202110-773 // NVD: CVE-2021-41546

CREDITS

Siemens reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202110-773

SOURCES

db: CNVD, id: CNVD-2021-77598
db: VULMON, id: CVE-2021-41546
db: JVNDB, id: JVNDB-2021-013659
db: CNNVD, id: CNNVD-202110-773
db: NVD, id: CVE-2021-41546

LAST UPDATE DATE

2024-08-14T12:17:30.054000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-77598, date: 2022-01-18T00:00:00
db: VULMON, id: CVE-2021-41546, date: 2021-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-013659, date: 2022-09-21T02:56:00
db: CNNVD, id: CNNVD-202110-773, date: 2022-08-15T00:00:00
db: NVD, id: CVE-2021-41546, date: 2022-08-12T16:30:05.040

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-77598, date: 2021-10-15T00:00:00
db: VULMON, id: CVE-2021-41546, date: 2021-10-12T00:00:00
db: JVNDB, id: JVNDB-2021-013659, date: 2022-09-21T00:00:00
db: CNNVD, id: CNNVD-202110-773, date: 2021-10-12T00:00:00
db: NVD, id: CVE-2021-41546, date: 2021-10-12T10:15:12.710