ID

VAR-202201-0774


CVE

CVE-2021-45460


TITLE

Unquoted Search Path or Element Vulnerability in SICAM PQ Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2022-003005

DESCRIPTION

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. Because the path contains spaces, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. SICAM PQ Analyzer contains an unquoted search path or element vulnerability. Information may be tampered with, and service operation may be interrupted (DoS). SICAM PQ Analyzer is power quality system software that provides the option of evaluating archived PQ measurement data and fault records.

Trust: 2.16

sources: NVD: CVE-2021-45460 // JVNDB: JVNDB-2022-003005 // CNVD: CNVD-2022-02751

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-02751

AFFECTED PRODUCTS

vendor: siemens
model: sicam pq analyzer
scope: lt
version: 3.18

Trust: 1.6

vendor: シーメンス
model: sicam pq analyzer
scope: eq
version: sicam pq analyzer firmware 3.18

Trust: 0.8

vendor: シーメンス
model: sicam pq analyzer
scope: eq
version: -

Trust: 0.8

sources: CNVD: CNVD-2022-02751 // JVNDB: JVNDB-2022-003005 // NVD: CVE-2021-45460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45460
value: HIGH

Trust: 1.0

NVD: CVE-2021-45460
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-02751
value: LOW

Trust: 0.6

CNNVD: CNNVD-202201-869
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-45460
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-02751
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-45460
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-45460
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-02751 // JVNDB: JVNDB-2022-003005 // CNNVD: CNNVD-202201-869 // NVD: CVE-2021-45460

PROBLEMTYPE DATA

problemtype: CWE-428

Trust: 1.0

problemtype: unquoted search path or element (CWE-428) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003005 // NVD: CVE-2021-45460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-869

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202201-869

PATCH

title: SSA-173318
url: https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf

Trust: 0.8

title: Patch for Siemens SICAM PQ Analyzer Search Path Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/312991

Trust: 0.6

title: Siemens Sicam Pq Analyzer Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178728

Trust: 0.6

sources: CNVD: CNVD-2022-02751 // JVNDB: JVNDB-2022-003005 // CNNVD: CNNVD-202201-869

EXTERNAL IDS

db: NVD
id: CVE-2021-45460

Trust: 3.8

db: SIEMENS
id: SSA-173318

Trust: 2.2

db: ICS CERT
id: ICSA-22-013-06

Trust: 1.4

db: JVN
id: JVNVU98508242

Trust: 0.8

db: JVNDB
id: JVNDB-2022-003005

Trust: 0.8

db: CNVD
id: CNVD-2022-02751

Trust: 0.6

db: CNNVD
id: CNNVD-202201-869

Trust: 0.6

sources: CNVD: CNVD-2022-02751 // JVNDB: JVNDB-2022-003005 // CNNVD: CNNVD-202201-869 // NVD: CVE-2021-45460

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2021-45460

Trust: 1.4

url: https://jvn.jp/vu/jvnvu98508242/index.html

Trust: 0.8

url: https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-06

Trust: 0.8

url: https://us-cert.cisa.gov/ics/advisories/icsa-22-013-06

Trust: 0.6

sources: CNVD: CNVD-2022-02751 // JVNDB: JVNDB-2022-003005 // CNNVD: CNNVD-202201-869 // NVD: CVE-2021-45460

CREDITS

Siemens has released an update for the SICAM PQ Analyzer and recommends users update to

Trust: 0.6

sources: CNNVD: CNNVD-202201-869

SOURCES

db: CNVD, id: CNVD-2022-02751
db: JVNDB, id: JVNDB-2022-003005
db: CNNVD, id: CNNVD-202201-869
db: NVD, id: CVE-2021-45460

LAST UPDATE DATE

2024-11-23T20:51:27.280000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-02751, date: 2022-01-18T00:00:00
db: JVNDB, id: JVNDB-2022-003005, date: 2023-02-02T05:18:00
db: CNNVD, id: CNNVD-202201-869, date: 2022-02-10T00:00:00
db: NVD, id: CVE-2021-45460, date: 2024-11-21T06:32:15.223

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-02751, date: 2022-01-12T00:00:00
db: JVNDB, id: JVNDB-2022-003005, date: 2023-02-02T00:00:00
db: CNNVD, id: CNNVD-202201-869, date: 2022-01-11T00:00:00
db: NVD, id: CVE-2021-45460, date: 2022-01-11T12:15:10.193