CVE-2021-37166

{"id": "CVE-2021-37166", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-08-02T13:15:07.897", "references": [{"url": "https://www.armis.com/PwnedPiper", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.swisslog-healthcare.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37166-bulletin---gui-socket-denial-of-service.pdf?rev=05321b2af1064eb2a6d6e6bf77604c6b&hash=40A927FE1153AA980428C93B2EF7EB40", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker."}, {"lang": "es", "value": "Se ha detectado un problema de desbordamiento de b\u00fafer conllevando a una denegaci\u00f3n de servicio en el panel de control HMI3 del Panel Swisslog Healthcare Nexus que funciona con versiones de software anteriores a Nexus Software 7.2.5.7. Cuando HMI3 se inicia, vincula un servicio local a un puerto TCP en todas las interfaces del dispositivo, y la interfaz gr\u00e1fica de usuario tarda mucho tiempo en conectarse al socket TCP, permitiendo que la conexi\u00f3n sea secuestrada por un atacante externo"}], "lastModified": "2023-11-07T03:36:55.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9286DC1-0111-49C4-9BD4-1601AAD025A9", "versionEndExcluding": "7.2.5.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92F48887-6E68-4A96-87F6-C8DB7773C4A2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}