5.4
CVE-2021-37186
- EPSS 0.17%
- Published 14.09.2021 11:15:25
- Last modified 21.11.2024 06:14:49
- Source productcert@siemens.com
- Teams watchlist Login
- Open Login
A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Logo! Cmr2020 Firmware Version < 2.2
Siemens ≫ Logo! Cmr2040 Firmware Version < 2.2
Siemens ≫ Simatic Rtu3010c Firmware Version < 4.0.9
Siemens ≫ Simatic Rtu3030c Firmware Version < 4.0.9
Siemens ≫ Simatic Rtu3031c Firmware Version < 4.0.9
Siemens ≫ Simatic Rtu3041c Firmware Version < 4.0.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.385 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 4.8 | 6.5 | 4.9 |
AV:A/AC:L/Au:N/C:P/I:P/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.