Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-27393

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Published

2021-04-22T21:15:10.393

Last Modified

2024-11-21T05:57:54.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-330
Type: Secondary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	nucleus_net	*	Yes
Application	siemens	nucleus_readystart_v3	< 2013.08	Yes
Application	siemens	nucleus_source_code	-	Yes

References

https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)