Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-25677

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Published

2021-04-22T21:15:10.207

Last Modified

2024-11-21T05:55:16.807

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-330
  • Type: Primary
    CWE-330
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System siemens simotics_connect_400_firmware ≥ 0.5.0.0 Yes
Hardware siemens simotics_connect_400 - No
Application siemens nucleus_net * Yes
Application siemens nucleus_readystart_v3 < 2017.02.4 Yes
Application siemens nucleus_readystart_v4 < 4.1.0 Yes
Application siemens nucleus_source_code - Yes
References