CVE-2021-37199 - OpenCVE

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Sinumerik 808d Sinumerik 808d Firmware Sinumerik 828d Sinumerik 828d Firmware

Configuration 1 [-]

AND

cpe:2.3:h:siemens:sinumerik_808d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:sinumerik_808d_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-10-12T09:49:37

Updated: 2024-08-04T01:16:03.969Z

Reserved: 2021-07-21T00:00:00

Link: CVE-2021-37199

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-12T10:15:12.600

Modified: 2021-10-19T11:55:23.290

Link: CVE-2021-37199

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SINUMERIK 808D", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SINUMERIK 828D", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V4.95"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-12T09:49:37", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-37199", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SINUMERIK 808D", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SINUMERIK 828D", "version": {"version_data": [{"version_value": "All versions < V4.95"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:16:03.969Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-37199", "datePublished": "2021-10-12T09:49:37", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:03.969Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_808d:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B6A9DDC-D9C6-4497-8948-295C4AB567DA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_808d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6656E410-ED0B-413E-A173-D21DA005123E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D97047C-9772-4AEB-B993-131EBBAE33BA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2996DBE9-0573-4D62-A4E5-AE39F3A8978F", "versionEndExcluding": "4.95", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINUMERIK 808D (Todas las versiones), SINUMERIK 828D (Todas las versiones anteriores a V4.95). Los dispositivos afectados no procesan correctamente determinados paquetes especialmente dise\u00f1ados enviados al puerto 102/tcp, lo que podr\u00eda permitir a un atacante causar una denegaci\u00f3n de servicio en el dispositivo"}], "id": "CVE-2021-37199", "lastModified": "2021-10-19T11:55:23.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-12T10:15:12.600", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-178380.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "productcert@siemens.com", "type": "Secondary"}]}