CVE-2021-25677

CWE-3303 documents3 sources

Severity

5.3MEDIUM

EPSS

0.4%

top 40.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

12

Siemens Nucleus Readystart V3 Siemens Nucleus Readystart V4 Siemens Apogee PXC Compact (bacnet)+9 more

Timeline

PublishedApr 22

Latest updateMay 24

Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions = V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages14 packages

▶CVEListV5siemens/talon_tc_compact_(bacnet)All versions < V3.5.5

▶CVEListV5siemens/talon_tc_modular_(bacnet)All versions < V3.5.5

▶CVEListV5siemens/apogee_pxc_compact_(bacnet)All versions < V3.5.5

▶CVEListV5siemens/apogee_pxc_modular_(bacnet)All versions < V3.5.5

▶CVEListV5siemens/apogee_pxc_compact_(p2_ethernet)All versions < V2.8.20

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-596h-hvjh-ffpf: A vulnerability has been identified in Nucleus 4 (All versions = V0↗2022-05-24

▶

CVEList

CVE-2021-25677: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions = V0↗2021-04-22

▶