ID

VAR-202112-0786


CVE

CVE-2021-44522


TITLE

SiPass integrated and Siveillance Identity Vulnerability in leaking resources to the wrong area in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016229

DESCRIPTION

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. SiPass integrated and Siveillance Identity contain a vulnerability related to the leakage of resources to the wrong area. Information may be obtained. SiPass integrated is an access control system.

Trust: 2.25

sources: NVD: CVE-2021-44522 // JVNDB: JVNDB-2021-016229 // CNVD: CNVD-2021-100379 // VULHUB: VHN-407753

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-100379

AFFECTED PRODUCTS

vendor: siemens, model: siveillance identity, scope: gte, version: 1.6

Trust: 1.0

vendor: siemens, model: sipass integrated, scope: eq, version: 2.85

Trust: 1.0

vendor: siemens, model: sipass integrated, scope: eq, version: 2.80

Trust: 1.0

vendor: siemens, model: sipass integrated, scope: eq, version: 2.76

Trust: 1.0

vendor: siemens, model: siveillance identity, scope: eq, version: 1.5

Trust: 1.0

vendor: siemens, model: siveillance identity, scope: lte, version: 1.6.280.0

Trust: 1.0

vendor: シーメンス, model: siveillance identity, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sipass integrated, scope: -, version: -

Trust: 0.8

vendor: siemens, model: sipass integrated, scope: eq, version: v2.76

Trust: 0.6

vendor: siemens, model: sipass integrated, scope: eq, version: v2.80

Trust: 0.6

vendor: siemens, model: sipass integrated, scope: eq, version: v2.85

Trust: 0.6

sources: CNVD: CNVD-2021-100379 // JVNDB: JVNDB-2021-016229 // NVD: CVE-2021-44522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44522
value: HIGH

Trust: 1.0

NVD: CVE-2021-44522
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-100379
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202112-1234
value: HIGH

Trust: 0.6

VULHUB: VHN-407753
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-44522
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-100379
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-407753
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-44522
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-44522
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-100379 // VULHUB: VHN-407753 // JVNDB: JVNDB-2021-016229 // CNNVD: CNNVD-202112-1234 // NVD: CVE-2021-44522

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype:Leakage of resources to the wrong area (CWE-668) [ others ]

Trust: 0.8

sources: VULHUB: VHN-407753 // JVNDB: JVNDB-2021-016229 // NVD: CVE-2021-44522

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-1234

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-1234

PATCH

title: SSA-160202 Siemens Security Advisory, url: https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

Trust: 0.8

title: Patch for SiPass integrated access control vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/306221

Trust: 0.6

title: Siemens SiPass Integrated and Siveillance Identity Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175714

Trust: 0.6

sources: CNVD: CNVD-2021-100379 // JVNDB: JVNDB-2021-016229 // CNNVD: CNNVD-202112-1234

EXTERNAL IDS

db: NVD, id: CVE-2021-44522

Trust: 3.9

db: SIEMENS, id: SSA-160202

Trust: 2.3

db: SIEMENS, id: SSA-463116

Trust: 1.7

db: ICS CERT, id: ICSA-21-350-14

Trust: 1.4

db: ICS CERT, id: ICSA-21-350-19

Trust: 0.8

db: JVN, id: JVNVU96592426

Trust: 0.8

db: JVNDB, id: JVNDB-2021-016229

Trust: 0.8

db: CNVD, id: CNVD-2021-100379

Trust: 0.6

db: CS-HELP, id: SB2022010612

Trust: 0.6

db: CNNVD, id: CNNVD-202112-1234

Trust: 0.6

db: VULHUB, id: VHN-407753

Trust: 0.1

sources: CNVD: CNVD-2021-100379 // VULHUB: VHN-407753 // JVNDB: JVNDB-2021-016229 // CNNVD: CNNVD-202112-1234 // NVD: CVE-2021-44522

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

Trust: 2.3

url:https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-44522

Trust: 1.4

url:https://jvn.jp/vu/jvnvu96592426/

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022010612

Trust: 0.6

sources: CNVD: CNVD-2021-100379 // VULHUB: VHN-407753 // JVNDB: JVNDB-2021-016229 // CNNVD: CNNVD-202112-1234 // NVD: CVE-2021-44522

CREDITS

Siemens reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202112-1234

SOURCES

db: CNVD, id: CNVD-2021-100379
db: VULHUB, id: VHN-407753
db: JVNDB, id: JVNDB-2021-016229
db: CNNVD, id: CNNVD-202112-1234
db: NVD, id: CVE-2021-44522

LAST UPDATE DATE

2024-08-14T12:44:20.973000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-100379, date: 2022-01-26T00:00:00
db: VULHUB, id: VHN-407753, date: 2021-12-17T00:00:00
db: JVNDB, id: JVNDB-2021-016229, date: 2022-12-08T05:30:00
db: CNNVD, id: CNNVD-202112-1234, date: 2022-01-07T00:00:00
db: NVD, id: CVE-2021-44522, date: 2021-12-17T02:06:42.010

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-100379, date: 2021-12-15T00:00:00
db: VULHUB, id: VHN-407753, date: 2021-12-14T00:00:00
db: JVNDB, id: JVNDB-2021-016229, date: 2022-12-08T00:00:00
db: CNNVD, id: CNNVD-202112-1234, date: 2021-12-14T00:00:00
db: NVD, id: CVE-2021-44522, date: 2021-12-14T12:15:12.023