var-202104-1925
Vulnerability from variot
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services.
Siemens Nucleus products have security vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202104-1925", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "nucleus net", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nucleus source code", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "nucleus readystart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2017.02.4" }, { "model": "nucleus readystart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "capital vstar", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "vstar", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus source code", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus net", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus readystart", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "nucleus", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4\u003cv4.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2017.02.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-25663" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-995" } ], "trust": 0.6 }, "cve": "CVE-2021-25663", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2021-28697", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-25663", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-25663", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2021-25663", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-28697", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-995", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-25663", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. The Nucleus NET module contains a series of standard-compliant network and communication protocols, drivers and utilities to provide full-featured network support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for the scalability and reliability of systems in aerospace, industrial and medical applications. VSTAR is a complete AUTOSAR 4 based ECU solution that provides tools and embedded software for timely product deployment. Nucleus ReadyStart is a platform with integrated software IP, tools and services. \n\r\n\r\nSiemens Nucleus products have security vulnerabilities. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-25663" }, { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-25663" } ], "trust": 2.07 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-248289", "trust": 2.3 }, { "db": "NVD", "id": "CVE-2021-25663", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-21-103-05", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2021-28697", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041414", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1245", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-995", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-25663", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "id": "VAR-202104-1925", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" } ], "trust": 1.12252286 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" } ] }, "last_update_date": "2024-02-13T21:49:33.153000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens Nucleus product IPv6 stack denial of service vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/258466" }, { "title": "siemens Nucleus Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=147375" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2e667a20dc904cea13ad0154c0461a55" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-995" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-835", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2021-25663" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf" }, { "trust": 2.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041414" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1245" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25663" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/835.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-248289.txt" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-28697" }, { "db": "VULMON", "id": "CVE-2021-25663" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" }, { "db": "NVD", "id": "CVE-2021-25663" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-28697" }, { "date": "2021-04-22T00:00:00", "db": "VULMON", "id": "CVE-2021-25663" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-995" }, { "date": "2021-04-22T21:15:09.957000", "db": "NVD", "id": "CVE-2021-25663" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-04-15T00:00:00", "db": "CNVD", "id": "CNVD-2021-28697" }, { "date": "2021-04-30T00:00:00", "db": "VULMON", "id": "CVE-2021-25663" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-11-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-995" }, { "date": "2024-02-13T09:15:43.143000", "db": "NVD", "id": "CVE-2021-25663" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-995" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Nucleus product IPv6 stack denial of service vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2021-28697" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202104-995" } ], "trust": 1.2 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.