Vulnerability Description
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Nucleus Net | All versions |
| Siemens | Nucleus Readystart V3 | < 2013.08 |
| Siemens | Nucleus Source Code | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdfVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdfVendor Advisory
FAQ
What is CVE-2021-27393?
CVE-2021-27393 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does n...
How severe is CVE-2021-27393?
CVE-2021-27393 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27393?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Nucleus Net, Siemens Nucleus Readystart V3, Siemens Nucleus Source Code.