ID

VAR-202112-0784


CVE

CVE-2021-44524


TITLE

SiPass integrated  and  Siveillance Identity  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016369

DESCRIPTION

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. SiPass integrated and Siveillance Identity There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SiPass integrated is an access control system

Trust: 2.25

sources: NVD: CVE-2021-44524 // JVNDB: JVNDB-2021-016369 // CNVD: CNVD-2021-100377 // VULHUB: VHN-407755

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100377

AFFECTED PRODUCTS

vendor:siemensmodel:siveillance identityscope:eqversion:1.5

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.80

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.76

Trust: 1.0

vendor:siemensmodel:siveillance identityscope:gteversion:1.6

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.85

Trust: 1.0

vendor:siemensmodel:siveillance identityscope:lteversion:1.6.284.0

Trust: 1.0

vendor:シーメンスmodel:sipass integratedscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siveillance identityscope: - version: -

Trust: 0.8

vendor:siemensmodel:sipass integratedscope:eqversion:v2.76

Trust: 0.6

vendor:siemensmodel:sipass integratedscope:eqversion:v2.80

Trust: 0.6

vendor:siemensmodel:sipass integratedscope:eqversion:v2.85

Trust: 0.6

sources: CNVD: CNVD-2021-100377 // JVNDB: JVNDB-2021-016369 // NVD: CVE-2021-44524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44524
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-44524
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-100377
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-1236
value: CRITICAL

Trust: 0.6

VULHUB: VHN-407755
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-44524
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-100377
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-407755
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-44524
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-44524
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100377 // VULHUB: VHN-407755 // JVNDB: JVNDB-2021-016369 // CNNVD: CNNVD-202112-1236 // NVD: CVE-2021-44524

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-668

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-407755 // JVNDB: JVNDB-2021-016369 // NVD: CVE-2021-44524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-1236

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202112-1236

PATCH

title:SSA-160202 Siemens Security Advisoryurl:https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

Trust: 0.8

title:Patch for SiPass integrated Access Control Vulnerability (CNVD-2021-100377)url:https://www.cnvd.org.cn/patchInfo/show/306241

Trust: 0.6

title:Siemens SiPass Integrated and Siveillance Identity Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175716

Trust: 0.6

sources: CNVD: CNVD-2021-100377 // JVNDB: JVNDB-2021-016369 // CNNVD: CNNVD-202112-1236

EXTERNAL IDS

db:NVDid:CVE-2021-44524

Trust: 3.9

db:SIEMENSid:SSA-160202

Trust: 2.3

db:SIEMENSid:SSA-463116

Trust: 1.7

db:ICS CERTid:ICSA-21-350-14

Trust: 1.4

db:JVNid:JVNVU96592426

Trust: 0.8

db:ICS CERTid:ICSA-21-350-19

Trust: 0.8

db:JVNDBid:JVNDB-2021-016369

Trust: 0.8

db:CNVDid:CNVD-2021-100377

Trust: 0.6

db:CS-HELPid:SB2022010612

Trust: 0.6

db:CNNVDid:CNNVD-202112-1236

Trust: 0.6

db:VULHUBid:VHN-407755

Trust: 0.1

sources: CNVD: CNVD-2021-100377 // VULHUB: VHN-407755 // JVNDB: JVNDB-2021-016369 // CNNVD: CNNVD-202112-1236 // NVD: CVE-2021-44524

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-44524

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96592426/

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010612

Trust: 0.6

sources: CNVD: CNVD-2021-100377 // VULHUB: VHN-407755 // JVNDB: JVNDB-2021-016369 // CNNVD: CNNVD-202112-1236 // NVD: CVE-2021-44524

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202112-1236

SOURCES

db:CNVDid:CNVD-2021-100377
db:VULHUBid:VHN-407755
db:JVNDBid:JVNDB-2021-016369
db:CNNVDid:CNNVD-202112-1236
db:NVDid:CVE-2021-44524

LAST UPDATE DATE

2024-11-23T20:12:46.023000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-100377date:2022-01-26T00:00:00
db:VULHUBid:VHN-407755date:2021-12-17T00:00:00
db:JVNDBid:JVNDB-2021-016369date:2022-12-13T08:08:00
db:CNNVDid:CNNVD-202112-1236date:2022-01-07T00:00:00
db:NVDid:CVE-2021-44524date:2024-11-21T06:31:09.470

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-100377date:2021-12-15T00:00:00
db:VULHUBid:VHN-407755date:2021-12-14T00:00:00
db:JVNDBid:JVNDB-2021-016369date:2022-12-13T00:00:00
db:CNNVDid:CNNVD-202112-1236date:2021-12-14T00:00:00
db:NVDid:CVE-2021-44524date:2021-12-14T12:15:12.147