CVE-2021-27389 - OpenCVE

A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Opcenter Quality Qms Automotive

Configuration 1 [-]

OR	cpe:2.3:a:siemens:opcenter_quality::::::::
	cpe:2.3:a:siemens:qms_automotive::::::::

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-04-22T20:42:21

Updated: 2024-08-03T20:48:16.625Z

Reserved: 2021-02-18T00:00:00

Link: CVE-2021-27389

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-22T21:15:10.333

Modified: 2021-04-30T14:46:57.973

Link: CVE-2021-27389

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Opcenter Quality", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V12.2"}]}, {"product": "QMS Automotive", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V12.30"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321: Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-22T20:42:21", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-27389", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Opcenter Quality", "version": {"version_data": [{"version_value": "All versions < V12.2"}]}}, {"product_name": "QMS Automotive", "version": {"version_data": [{"version_value": "All versions < V12.30"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-321: Use of Hard-coded Cryptographic Key"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:48:16.625Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-27389", "datePublished": "2021-04-22T20:42:21", "dateReserved": "2021-02-18T00:00:00", "dateUpdated": "2024-08-03T20:48:16.625Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:opcenter_quality:*:*:*:*:*:*:*:*", "matchCriteriaId": "8374434A-5309-4C0D-A768-386CFD1E7523", "versionEndExcluding": "12.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:qms_automotive:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1103918-45CF-4B0A-B386-8E0B7D0A273E", "versionEndExcluding": "12.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All versions < V12.30). A private sign key is shipped with the product without adequate protection."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Opcenter Quality (Todas las versiones anteriores a V12.2), QMS Automotive (Todas las versiones anteriores a V12.30). Una clave de se\u00f1al privada es enviada con el producto sin la protecci\u00f3n adecuada"}], "id": "CVE-2021-27389", "lastModified": "2021-04-30T14:46:57.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-22T21:15:10.333", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "productcert@siemens.com", "type": "Primary"}]}