ID

VAR-202112-0785


CVE

CVE-2021-44523


TITLE

SiPass integrated  and  Siveillance Identity  Vulnerability in leaking resources to the wrong area in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016370

DESCRIPTION

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained and information may be tampered with. SiPass integrated is an access control system

Trust: 2.25

sources: NVD: CVE-2021-44523 // JVNDB: JVNDB-2021-016370 // CNVD: CNVD-2021-100378 // VULHUB: VHN-407754

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100378

AFFECTED PRODUCTS

vendor:siemensmodel:siveillance identityscope:eqversion:1.5

Trust: 1.0

vendor:siemensmodel:siveillance identityscope:lteversion:1.6.280.0

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.80

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.76

Trust: 1.0

vendor:siemensmodel:siveillance identityscope:gteversion:1.6

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.85

Trust: 1.0

vendor:シーメンスmodel:sipass integratedscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siveillance identityscope: - version: -

Trust: 0.8

vendor:siemensmodel:sipass integratedscope:eqversion:v2.76

Trust: 0.6

vendor:siemensmodel:sipass integratedscope:eqversion:v2.80

Trust: 0.6

vendor:siemensmodel:sipass integratedscope:eqversion:v2.85

Trust: 0.6

sources: CNVD: CNVD-2021-100378 // JVNDB: JVNDB-2021-016370 // NVD: CVE-2021-44523

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44523
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-44523
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-100378
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-1235
value: CRITICAL

Trust: 0.6

VULHUB: VHN-407754
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-44523
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-100378
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-407754
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-44523
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-44523
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100378 // VULHUB: VHN-407754 // JVNDB: JVNDB-2021-016370 // CNNVD: CNNVD-202112-1235 // NVD: CVE-2021-44523

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype:Leakage of resources to the wrong area (CWE-668) [ others ]

Trust: 0.8

sources: VULHUB: VHN-407754 // JVNDB: JVNDB-2021-016370 // NVD: CVE-2021-44523

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-1235

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-1235

PATCH

title:SSA-160202 Siemens Security Advisoryurl:https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

Trust: 0.8

title:Patch for SiPass integrated Access Control Vulnerability (CNVD-2021-100378)url:https://www.cnvd.org.cn/patchInfo/show/306226

Trust: 0.6

title:Siemens SiPass Integrated and Siveillance Identity Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175715

Trust: 0.6

sources: CNVD: CNVD-2021-100378 // JVNDB: JVNDB-2021-016370 // CNNVD: CNNVD-202112-1235

EXTERNAL IDS

db:NVDid:CVE-2021-44523

Trust: 3.9

db:SIEMENSid:SSA-160202

Trust: 2.3

db:SIEMENSid:SSA-463116

Trust: 1.7

db:ICS CERTid:ICSA-21-350-14

Trust: 1.4

db:JVNid:JVNVU96592426

Trust: 0.8

db:ICS CERTid:ICSA-21-350-19

Trust: 0.8

db:JVNDBid:JVNDB-2021-016370

Trust: 0.8

db:CNVDid:CNVD-2021-100378

Trust: 0.6

db:CS-HELPid:SB2022010612

Trust: 0.6

db:CNNVDid:CNNVD-202112-1235

Trust: 0.6

db:VULHUBid:VHN-407754

Trust: 0.1

sources: CNVD: CNVD-2021-100378 // VULHUB: VHN-407754 // JVNDB: JVNDB-2021-016370 // CNNVD: CNNVD-202112-1235 // NVD: CVE-2021-44523

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-44523

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96592426/

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010612

Trust: 0.6

sources: CNVD: CNVD-2021-100378 // VULHUB: VHN-407754 // JVNDB: JVNDB-2021-016370 // CNNVD: CNNVD-202112-1235 // NVD: CVE-2021-44523

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202112-1235

SOURCES

db:CNVDid:CNVD-2021-100378
db:VULHUBid:VHN-407754
db:JVNDBid:JVNDB-2021-016370
db:CNNVDid:CNNVD-202112-1235
db:NVDid:CVE-2021-44523

LAST UPDATE DATE

2024-11-23T21:09:33.877000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-100378date:2022-01-26T00:00:00
db:VULHUBid:VHN-407754date:2021-12-17T00:00:00
db:JVNDBid:JVNDB-2021-016370date:2022-12-13T08:15:00
db:CNNVDid:CNNVD-202112-1235date:2022-01-07T00:00:00
db:NVDid:CVE-2021-44523date:2024-11-21T06:31:09.350

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-100378date:2021-12-15T00:00:00
db:VULHUBid:VHN-407754date:2021-12-14T00:00:00
db:JVNDBid:JVNDB-2021-016370date:2022-12-13T00:00:00
db:CNNVDid:CNNVD-202112-1235date:2021-12-14T00:00:00
db:NVDid:CVE-2021-44523date:2021-12-14T12:15:12.077