Lucene search
China National Vulnerability DatabaseCNVD-2021-89440HistoryNov 11, 2021 - 12:00 a.m.
Multiple Siemens products incorrectly zero-terminated vulnerabilities
2021-11-1100:00:00
China National Vulnerability Database
www.cnvd.org.cn
16
siemens products
zero-terminated vulnerability
nucleus net module
dhcp client
denial-of-service
security vulnerability
out-of-bounds
EPSS
0.003
Percentile
70.9%
The Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. A security vulnerability exists in several Siemens products, which stems from the DHCP client application assuming that the data provided with the “hostname” DHCP option NULL is terminated. An attacker could exploit the vulnerability to cause out-of-bounds reads, out-of-bounds writes, and denial-of-service conditions.
Related
cvelist
cvelist
CVE-2021-31884
2021-11-09 11:31:57
prion
prion
Design/Logic Flaw
2021-11-09 12:15:00
cve
cve
CVE-2021-31884
2021-11-09 12:15:09
nvd
nvd
CVE-2021-31884
2021-11-09 12:15:09
nessus
nessus
ics
ics
Siemens Capital VSTAR (Update A)
2022-11-10 12:00:00
Siemens Nucleus RTOS TCP/IP Stack
2021-11-17 12:00:00
Siemens Nucleus RTOS-based APOGEE and TALON Products (Update C)
2022-05-12 12:00:00
f5
f5
K000135330 : Multiple Nucleus TCP/IP stack vulnerabilities
2023-06-30 00:00:00