CVE-2021-25677 Information
Jun 07, 2022
cve
Description
A vulnerability has been identified in Nucleus NET (All versions) Nucleus ReadyStart V3 (All versions < V2017.02.3) Nucleus ReadyStart V4 (All versions < V4.1.0) Nucleus Source Code (Versions including affected DNS modules) SIMOTICS CONNECT 400 (All versions < V0.5.0.0) SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
5.3
Share on: