A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf | |
https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf | Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
08 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
22 Apr 2022, 19:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:nucleus_4:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:vstar:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:* |
First Time |
Siemens nucleus Readystart V4
Siemens nucleus Readystart V3 |
08 Mar 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
11 Jan 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
10 Nov 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
09 Nov 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. |
30 Apr 2021, 13:42
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CPE | cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:vstar:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_4:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf - Patch, Vendor Advisory | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf - Patch, Vendor Advisory |
22 Apr 2021, 21:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-22 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-25677
Mitre link : CVE-2021-25677
CVE.ORG link : CVE-2021-25677
JSON object : View
Products Affected
siemens
- nucleus_readystart_v4
- nucleus_readystart_v3
- simotics_connect_400_firmware
- simotics_connect_400
- nucleus_source_code
- nucleus_net
CWE
CWE-330
Use of Insufficiently Random Values