VAR-202112-0786
Vulnerability from variot - Updated: 2023-12-18 11:49A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. SiPass integrated is an access control system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0786",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.76"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "siveillance identity",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.280.0"
},
{
"model": "siveillance identity",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "siveillance identity",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.76"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v2.85"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.76:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.76:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siveillance_identity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.6.280.0",
"versionStartIncluding": "1.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
],
"trust": 0.6
},
"cve": "CVE-2021-44522",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-44522",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-100379",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-407753",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44522",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-44522",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-100379",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1234",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-407753",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions \u003c V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. SiPass integrated and Siveillance Identity Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. SiPass integrated is an access control system",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44522",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-160202",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-463116",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-14",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-21-350-19",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96592426",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-100379",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010612",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-407753",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"id": "VAR-202112-0786",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
}
],
"trust": 1.28787876
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
}
]
},
"last_update_date": "2023-12-18T11:49:16.815000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-160202 Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"title": "Patch for SiPass integrated access control vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/306221"
},
{
"title": "Siemens SiPass Integrated and Siveillance Identity Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=175714"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "Leakage of resources to the wrong area (CWE-668) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44522"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96592426/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-19"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-350-14"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010612"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"db": "VULHUB",
"id": "VHN-407753"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"date": "2021-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-407753"
},
{
"date": "2022-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"date": "2021-12-14T12:15:12.023000",
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"date": "2021-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-100379"
},
{
"date": "2021-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-407753"
},
{
"date": "2022-12-08T05:30:00",
"db": "JVNDB",
"id": "JVNDB-2021-016229"
},
{
"date": "2021-12-17T02:06:42.010000",
"db": "NVD",
"id": "CVE-2021-44522"
},
{
"date": "2022-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SiPass\u00a0integrated\u00a0 and \u00a0Siveillance\u00a0Identity\u00a0 Vulnerability in leaking resources to the wrong area in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1234"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…