Unrated severityNVD Advisory· Published Apr 22, 2021· Updated Aug 3, 2024

CVE-2021-27393

Description

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Affected products

Siemens Foundation/Nucleus NETcpe-rescue
Range: All versions
Siemens Foundation/Nucleus ReadyStart V3 V2012cpe-rescue
Range: All versions < V2013.08
Siemens/Nucleus Source Codev5
Range: Versions including affected DNS modules

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-201384.pdfmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000