CVE-2021-27393

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*

History

22 Apr 2022, 19:38

Type Values Removed Values Added
CPE cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*

11 Jan 2022, 12:15

Type Values Removed Values Added
Summary A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving. A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

17 Nov 2021, 22:17

Type Values Removed Values Added
Summary A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving. A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

11 Nov 2021, 03:09

Type Values Removed Values Added
CPE cpe:2.3:a:siemens:vstar:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*

Information

Published : 2021-04-22 21:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-27393

Mitre link : CVE-2021-27393

CVE.ORG link : CVE-2021-27393


JSON object : View

Products Affected

siemens

  • nucleus_readystart_v3
  • nucleus_net
  • nucleus_source_code
CWE
CWE-330

Use of Insufficiently Random Values