CVE-2021-37183

{"id": "CVE-2021-37183", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-09-14T11:15:25.690", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V3.0 SP2). El software afectado permite enviar notificaciones de env\u00edo a los dispositivos administrados. Un atacante no autenticado en la misma red del sistema afectado puede abusar de estas notificaciones para causar una condici\u00f3n de denegaci\u00f3n de servicio en los dispositivos administrados"}], "lastModified": "2022-10-27T12:59:12.003", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F65F9901-F4BD-4484-9749-D5022245D686", "versionEndExcluding": "3.0"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F03BAD5-7B90-4212-ACBC-3C878C02CDAA"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5BACE03-50A7-4279-8CA5-2BB95224D485"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}