First published: Thu Apr 22 2021
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Nucleus NET | | |
Siemens Nucleus ReadyStart v3 | <2013.08 | |
Siemens Nucleus Source Code | | |
CVE-2021-27393 is a vulnerability identified in Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code in which the DNS client does not properly randomize the UDP port numbers of DNS requests, which could allow an attacker to poison the DNS cache or spoof DNS resolving.
The severity of CVE-2021-27393 is medium with a CVSS v3.1 base score of 5.3.
CVE-2021-27393 affects Siemens Nucleus NET, Siemens Nucleus ReadyStart V3 (versions earlier than V2013.08), and Siemens Nucleus Source Code (versions including affected DNS modules).
An attacker can exploit CVE-2021-27393 by manipulating DNS requests and poisoning the DNS client.
Siemens has provided a fix for CVE-2021-27393. Refer to the vendor's security advisory for more information.
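A defender-side check for the port-randomization weakness described above, as an added example that is not part of the original advisory or of Siemens code: it takes the UDP source ports of consecutive DNS queries observed from one client and flags fixed, constant-step or narrow-range port selection. The sample port lists, the thresholds and the function name `assess_source_ports` are assumptions made for illustration.

```python
from collections import Counter

# Constructed samples: UDP source ports of consecutive DNS queries from one client,
# e.g. extracted from a packet capture taken on the device's network segment.
SEQUENTIAL = list(range(49152, 49172))
FIXED = [1053] * 20
RANDOMIZED = [51234, 1822, 40311, 60012, 23987, 33001, 12890, 58444, 4790, 27613,
              45102, 9377, 61555, 38020, 17246, 52999, 30118, 2671, 64003, 21459]

MIN_SAMPLES = 16        # assumption: below this, the verdict is not meaningful
STEP_RATIO_LIMIT = 0.8  # assumption: share of equal port-to-port steps that counts as a pattern
MIN_SPAN = 1024         # assumption: smallest port spread expected from a randomizing client


def assess_source_ports(ports):
    """Flag predictable source-port selection in a sequence of DNS queries."""
    if len(ports) < MIN_SAMPLES:
        raise ValueError(f"need at least {MIN_SAMPLES} observations, got {len(ports)}")
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("UDP ports must be in 1..65535")

    # Step between consecutive queries, taken modulo 2**16 so it is never negative.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    step_ratio = count / len(deltas)
    span = max(ports) - min(ports) + 1

    findings = []
    if len(set(ports)) == 1:
        findings.append("fixed-port")        # every query leaves from the same port
    elif step_ratio >= STEP_RATIO_LIMIT:
        findings.append("constant-step")     # next port follows from the previous one
    if span < MIN_SPAN:
        findings.append("narrow-range")      # ports drawn from a small window

    return {"dominant_step": step, "step_ratio": round(step_ratio, 2),
            "span": span, "findings": findings, "predictable": bool(findings)}


if __name__ == "__main__":
    for name, sample in (("sequential", SEQUENTIAL), ("fixed", FIXED),
                         ("randomized", RANDOMIZED)):
        print(name, assess_source_ports(sample))
```

A clean result on a short capture is not proof of proper randomization; it only means none of these three simple patterns was seen.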