Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-176
Vulnerability from certfr_avis - Published: 2021-03-10 - Updated: 2021-03-10
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SENTRON PAC3200 versions antérieures à 2.4.7 | ||
| Siemens | N/A | SENTRON 3VA COM100/800, 3VA DSP800, PAC2200 toutes versions | ||
| Siemens | N/A | SCALANCE XM400 et XR500 versions antérieures à 6.2 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM version 5.4 | ||
| Siemens | N/A | RUGGEDCOM RM1224, SCALANCE M-800 et Scalance S615 versions 4.3 et ultérieures | ||
| Siemens | N/A | SENTRON PAC3220 versions antérieures à 3.2.0 | ||
| Siemens | N/A | module Mendix Forgot Password versions antérieures à 3.2.1 | ||
| Siemens | N/A | SIMATIC NET CM 1542-1 toutes versions | ||
| Siemens | N/A | Solid Edge SE2020 versions antérieures à SE2020MP13 | ||
| Siemens | N/A | SINEMA remote connect server versions antérieures à 3.0 | ||
| Siemens | N/A | SCALANCE SC-600 versions antérieures à 2.1.3 | ||
| Siemens | N/A | LOGO! 8 BM toutes versions (y compris les versions SIPLUS) | ||
| Siemens | N/A | PLUSCONTROL 1st Gen toutes versions | ||
| Siemens | N/A | SENTRON PAC4200 versions antérieures à 2.3.0 | ||
| Siemens | N/A | Luxion KeyShot versions antérieures à 10.1 | ||
| Siemens | N/A | SCALANCE X300WG et Xx200 versions antérieures à 4.1 | ||
| Siemens | N/A | SIMATIC MV400 versions antérieures à 7.0.6 | ||
| Siemens | N/A | Solid Edge SE2021 versions antérieures à SE2021MP3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SENTRON PAC3200 versions ant\u00e9rieures \u00e0 2.4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 3VA COM100/800, 3VA DSP800, PAC2200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM400 et XR500 versions ant\u00e9rieures \u00e0 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM version 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224, SCALANCE M-800 et Scalance S615 versions 4.3 et ult\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON PAC3220 versions ant\u00e9rieures \u00e0 3.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "module Mendix Forgot Password versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET CM 1542-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2020 versions ant\u00e9rieures \u00e0 SE2020MP13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA remote connect server versions ant\u00e9rieures \u00e0 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC-600 versions ant\u00e9rieures \u00e0 2.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 8 BM toutes versions (y compris les versions SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PLUSCONTROL 1st Gen toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON PAC4200 versions ant\u00e9rieures \u00e0 2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Luxion KeyShot versions ant\u00e9rieures \u00e0 10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X300WG et Xx200 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV400 versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25667",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25667"
},
{
"name": "CVE-2020-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
},
{
"name": "CVE-2021-27381",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27381"
},
{
"name": "CVE-2021-25673",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25673"
},
{
"name": "CVE-2020-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28387"
},
{
"name": "CVE-2020-25241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25241"
},
{
"name": "CVE-2021-22647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22647"
},
{
"name": "CVE-2021-22643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22643"
},
{
"name": "CVE-2021-25672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25672"
},
{
"name": "CVE-2021-27380",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27380"
},
{
"name": "CVE-2021-22649",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22649"
},
{
"name": "CVE-2021-22651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22651"
},
{
"name": "CVE-2021-25676",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25676"
},
{
"name": "CVE-2021-25674",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25674"
},
{
"name": "CVE-2021-22645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22645"
},
{
"name": "CVE-2019-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3823"
},
{
"name": "CVE-2020-28385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28385"
},
{
"name": "CVE-2019-10926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10926"
},
{
"name": "CVE-2020-13987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13987"
},
{
"name": "CVE-2020-27632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27632"
},
{
"name": "CVE-2020-25239",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25239"
},
{
"name": "CVE-2020-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25236"
},
{
"name": "CVE-2021-25675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25675"
},
{
"name": "CVE-2020-25240",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25240"
},
{
"name": "CVE-2019-10925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10925"
},
{
"name": "CVE-2020-17437",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17437"
}
],
"initial_release_date": "2021-03-10T00:00:00",
"last_revision_date": "2021-03-10T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-176",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-599268 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-979775 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-541018 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-715184 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-936080 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-231216 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-783481 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-783481.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-296266 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-296266.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731317 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731317.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-256092 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-256092.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-344238 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-917115 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917115.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-816980 du 09 mars 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf"
}
]
}
CVE-2020-28385 (GCVE-0-2020-28385)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:03 – Updated: 2024-08-04 16:33
VLAI
EPSS
Summary
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)
Severity
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Solid Edge SE2020 |
Affected:
All versions < SE2020MP13
|
|
| Siemens | Solid Edge SE2021 |
Affected:
All Versions < SE2021MP4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solid Edge SE2020",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c SE2020MP13"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c SE2021MP4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-28385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "All versions \u003c SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c SE2021MP4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All versions \u003c SE2020MP13), Solid Edge SE2021 (All Versions \u003c SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-28385",
"datePublished": "2021-03-15T17:03:30.000Z",
"dateReserved": "2020-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:59.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28387 (GCVE-0-2020-28387)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:03 – Updated: 2024-08-04 16:33
VLAI
EPSS
Summary
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)
Severity
No CVSS data available.
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Solid Edge SE2020 |
Affected:
All Versions < SE2020MP13
|
|
| Siemens | Solid Edge SE2021 |
Affected:
All Versions < SE2021MP3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:59.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solid Edge SE2020",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c SE2020MP13"
}
]
},
{
"product": "Solid Edge SE2021",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c SE2021MP3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP13), Solid Edge SE2021 (All Versions \u003c SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-28387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solid Edge SE2020",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c SE2020MP13"
}
]
}
},
{
"product_name": "Solid Edge SE2021",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c SE2021MP3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Solid Edge SE2020 (All Versions \u003c SE2020MP13), Solid Edge SE2021 (All Versions \u003c SE2021MP3). When opening a specially crafted SEECTCXML file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11923)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-715184.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-28387",
"datePublished": "2021-03-15T17:03:30.000Z",
"dateReserved": "2020-11-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:33:59.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28388 (GCVE-0-2020-28388)
Vulnerability from cvelistv5 – Published: 2021-02-09 00:00 – Updated: 2026-06-02 20:14
VLAI
EPSS
Summary
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-342 - Predictable Exact Value from Previous Values
Assigner
References
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | APOGEE PXC Compact (BACnet) |
Affected:
All versions < V3.5.5
|
|
| Siemens | APOGEE PXC Compact (P2 Ethernet) |
Affected:
All versions < V2.8.20
|
|
| Siemens | APOGEE PXC Modular (BACnet) |
Affected:
All versions < V3.5.5
|
|
| Siemens | APOGEE PXC Modular (P2 Ethernet) |
Affected:
All versions < V2.8.20
|
|
| Siemens | Nucleus NET |
Affected:
All versions < V5.2
|
|
| Siemens | Nucleus ReadyStart V3 |
Affected:
All versions < V2012.12
|
|
| Siemens | Nucleus Source Code |
Affected:
All versions
|
|
| Siemens | PLUSCONTROL 1st Gen |
Affected:
All versions
|
|
| Siemens | TALON TC Compact (BACnet) |
Affected:
All versions < V3.5.5
|
|
| Siemens | TALON TC Modular (BACnet) |
Affected:
All versions < V3.5.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-28388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T19:29:04.600159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T20:14:56.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Compact (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Compact (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8.20"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Modular (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "APOGEE PXC Modular (P2 Ethernet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.8.20"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus NET",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus ReadyStart V3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2012.12"
}
]
},
{
"defaultStatus": "unknown",
"product": "Nucleus Source Code",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "PLUSCONTROL 1st Gen",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unknown",
"product": "TALON TC Compact (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "TALON TC Modular (BACnet)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.20), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.20), Nucleus NET (All versions \u003c V5.2), Nucleus ReadyStart V3 (All versions \u003c V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions \u003c V3.5.5), TALON TC Modular (BACnet) (All versions \u003c V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-342",
"description": "CWE-342: Predictable Exact Value from Previous Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T09:20:06.562Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-28388",
"datePublished": "2021-02-09T00:00:00.000Z",
"dateReserved": "2020-11-10T00:00:00.000Z",
"dateUpdated": "2026-06-02T20:14:56.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-22643 (GCVE-0-2021-22643)
Vulnerability from cvelistv5 – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
VLAI
EPSS
Summary
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-125 - OUT-OF-BOUNDS READ CWE-125
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Luxion KeyShot |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Viewer |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Network Rendering |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyVR |
Affected:
versions prior to 10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Luxion KeyShot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Viewer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Network Rendering",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyVR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "OUT-OF-BOUNDS READ CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T23:07:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-22643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Luxion KeyShot",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Viewer",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Network Rendering",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyVR",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-319/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-316/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-22643",
"datePublished": "2021-02-23T03:13:36.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:44:14.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22645 (GCVE-0-2021-22645)
Vulnerability from cvelistv5 – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:44
VLAI
EPSS
Summary
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning.
Severity
No CVSS data available.
CWE
- CWE-357 - INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Luxion KeyShot |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Viewer |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Network Rendering |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyVR |
Affected:
versions prior to 10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Luxion KeyShot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Viewer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Network Rendering",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyVR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-357",
"description": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T23:07:05.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-22645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Luxion KeyShot",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Viewer",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Network Rendering",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyVR",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a \u201cload\u201d command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENT UI WARNING OF DANGEROUS OPERATIONS CWE-357"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-323/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-22645",
"datePublished": "2021-02-23T03:02:08.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:44:13.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22647 (GCVE-0-2021-22647)
Vulnerability from cvelistv5 – Published: 2021-02-23 03:13 – Updated: 2024-08-03 18:44
VLAI
EPSS
Summary
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-787 - OUT-OF-BOUNDS WRITE CWE-787
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Luxion KeyShot |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Viewer |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Network Rendering |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyVR |
Affected:
versions prior to 10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Luxion KeyShot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Viewer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Network Rendering",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyVR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "OUT-OF-BOUNDS WRITE CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T23:07:06.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-22647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Luxion KeyShot",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Viewer",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Network Rendering",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyVR",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-322/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-321/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-320/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-326/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-318/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-22647",
"datePublished": "2021-02-23T03:13:39.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:44:14.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22649 (GCVE-0-2021-22649)
Vulnerability from cvelistv5 – Published: 2021-02-23 03:02 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-822 - UNTRUSTED POINTER DEREFERENCE CWE-822
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Luxion KeyShot |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Viewer |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Network Rendering |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyVR |
Affected:
versions prior to 10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:05.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Luxion KeyShot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Viewer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Network Rendering",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyVR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "UNTRUSTED POINTER DEREFERENCE CWE-822",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T23:07:09.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-22649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Luxion KeyShot",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Viewer",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Network Rendering",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyVR",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-317/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-325/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-22649",
"datePublished": "2021-02-23T03:02:05.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:05.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22651 (GCVE-0-2021-22651)
Vulnerability from cvelistv5 – Published: 2021-02-23 17:45 – Updated: 2024-08-03 18:51
VLAI
EPSS
Summary
When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders.
Severity
No CVSS data available.
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Luxion KeyShot versions |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Viewer |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyShot Network Rendering |
Affected:
versions prior to 10.1
|
|
| n/a | Luxion KeyVR |
Affected:
versions prior to 10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Luxion KeyShot versions",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Viewer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyShot Network Rendering",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
},
{
"product": "Luxion KeyVR",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-16T23:07:07.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-22651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Luxion KeyShot versions",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Viewer",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyShot Network Rendering",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
},
{
"product_name": "Luxion KeyVR",
"version": {
"version_data": [
{
"version_value": "versions prior to 10.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-231216.pdf"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-324/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-22651",
"datePublished": "2021-02-23T17:45:36.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25667 (GCVE-0-2021-25667)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:03 – Updated: 2026-06-02 19:24
VLAI
EPSS
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03 | x_refsource_MISC |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 |
Affected:
All versions >= V4.3 and < V6.4
|
|
| Siemens | SCALANCE M-800 |
Affected:
All versions >= V4.3 and < V6.4
|
|
| Siemens | SCALANCE S615 |
Affected:
All versions >= V4.3 and < V6.4
|
|
| Siemens | SCALANCE SC-600 Family |
Affected:
All versions >= V2.0 and < V2.1.3
|
|
| Siemens | SCALANCE XB-200 |
Affected:
All versions < V4.1
|
|
| Siemens | SCALANCE XC-200 |
Affected:
All versions < V4.1
|
|
| Siemens | SCALANCE XF-200BA |
Affected:
All versions < V4.1
|
|
| Siemens | SCALANCE XM400 |
Affected:
All versions < V6.2
|
|
| Siemens | SCALANCE XP-200 |
Affected:
All versions < V4.1
|
|
| Siemens | SCALANCE XR-300WG |
Affected:
All versions < V4.1
|
|
| Siemens | SCALANCE XR500 |
Affected:
All versions < V6.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-25667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T19:24:14.973158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T19:24:47.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RUGGEDCOM RM1224",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE M-800",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE S615",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
},
{
"product": "SCALANCE SC-600 Family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.0 and \u003c V2.1.3"
}
]
},
{
"product": "SCALANCE XB-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XC-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XF-200BA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XM400",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.2"
}
]
},
{
"product": "SCALANCE XP-200",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XR-300WG",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE XR500",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T20:42:20.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RUGGEDCOM RM1224",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE M-800",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE S615",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V4.3 and \u003c V6.4"
}
]
}
},
{
"product_name": "SCALANCE SC-600 Family",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.0 and \u003c V2.1.3"
}
]
}
},
{
"product_name": "SCALANCE XB-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XC-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XF-200BA",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XM400",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.2"
}
]
}
},
{
"product_name": "SCALANCE XP-200",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR-300WG",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE XR500",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V6.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25667",
"datePublished": "2021-03-15T17:03:31.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2026-06-02T19:24:47.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-25672 (GCVE-0-2021-25672)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:03 – Updated: 2024-08-03 20:11
VLAI
EPSS
Summary
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts.
Severity
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Mendix Forgot Password Appstore module |
Affected:
All Versions < V3.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.709Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917115.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mendix Forgot Password Appstore module",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V3.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions \u003c V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-15T17:03:31.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917115.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mendix Forgot Password Appstore module",
"version": {
"version_data": [
{
"version_value": "All Versions \u003c V3.2.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions \u003c V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-917115.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-917115.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25672",
"datePublished": "2021-03-15T17:03:31.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:11:27.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…