CVE-2021-27393 vulnerability in Siemens Products
Published on April 22, 2021
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
Weakness Type
Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.
Products Associated with CVE-2021-27393
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens Nucleus NET:- Version All versions is affected.
- Version All versions < V2013.08 is affected.
- Version Versions including affected DNS modules is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.