siemens nucleus-net CVE-2021-25677 vulnerability in Siemens Products
Published on April 22, 2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

NVD

Weakness Type

Use of Insufficiently Random Values

The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.


Products Associated with CVE-2021-25677

Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.

Siemens Nucleus Net
 
Siemens Nucleus Rtos
 
Siemens Vstar
 
Siemens Nucleus Source Code
 
Siemens Nucleus 4
 
Siemens Nucleus Readystart
 
Siemens Nucleus Readystart V3
 
Siemens Nucleus Readystart V4
 

Affected Versions

Siemens APOGEE PXC Compact (BACnet): Siemens APOGEE PXC Compact (P2 Ethernet): Siemens APOGEE PXC Modular (BACnet): Siemens APOGEE PXC Modular (P2 Ethernet): Siemens Nucleus NET: Siemens Nucleus ReadyStart V3: Siemens Nucleus ReadyStart V3: Siemens Nucleus ReadyStart V4: Siemens Nucleus Source Code: Siemens SIMOTICS CONNECT 400: Siemens SIMOTICS CONNECT 400: Siemens TALON TC Compact (BACnet): Siemens TALON TC Modular (BACnet):

Exploit Probability

EPSS
0.39%
Percentile
59.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.