Lucene search

[email protected]CVE-2021-42021

HistoryNov 09, 2021 - 12:15 p.m.

CVE-2021-42021

2021-11-0912:15:10

CWE-26

CWE-22

[email protected]

web.nvd.nist.gov

cve-2021-42021

siveillance video

dlna server

path traversal vulnerability

remote attackers

arbitrary files

information disclosure

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks.

Affected configurations

NVD

Node

siemenssiveillance_video_management_software_2019_r1

siemenssiveillance_video_management_software_2019_r2

siemenssiveillance_video_management_software_2019_r3

siemenssiveillance_video_management_software_2020_r1Match-

siemenssiveillance_video_management_software_2020_r2Match-

AND

siemenssiveillance_video_dlna_serverMatch-

CPENameOperatorVersion
siemens:siveillance_video_management_software_2019_r1siemens siveillance video management software 2019 r1eq*
siemens:siveillance_video_management_software_2019_r2siemens siveillance video management software 2019 r2eq*
siemens:siveillance_video_management_software_2019_r3siemens siveillance video management software 2019 r3eq*
siemens:siveillance_video_management_software_2020_r1siemens siveillance video management software 2020 r1eq-
siemens:siveillance_video_management_software_2020_r2siemens siveillance video management software 2020 r2eq-

CPE	Name	Operator	Version
siemens:siveillance_video_management_software_2019_r1	siemens siveillance video management software 2019 r1	eq	*
siemens:siveillance_video_management_software_2019_r2	siemens siveillance video management software 2019 r2	eq	*
siemens:siveillance_video_management_software_2019_r3	siemens siveillance video management software 2019 r3	eq	*
siemens:siveillance_video_management_software_2020_r1	siemens siveillance video management software 2020 r1	eq	-
siemens:siveillance_video_management_software_2020_r2	siemens siveillance video management software 2020 r2	eq	-

CNA Affected

[
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2019 R1"
      }
    ]
  },
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2019 R2"
      }
    ]
  },
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2019 R3"
      }
    ]
  },
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2020 R1"
      }
    ]
  },
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2020 R2"
      }
    ]
  },
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2020 R3"
      }
    ]
  },
  {
    "product": "Siveillance Video DLNA Server",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "2021 R1"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2021-42021

prion1 ics1 cvelist1 nvd1 cnvd1