Lucene search

[email protected]CVE-2021-44522

HistoryDec 14, 2021 - 12:15 p.m.

CVE-2021-44522

2021-12-1412:15:12

CWE-668

[email protected]

web.nvd.nist.gov

cve-2021-44522

sipass integrated

siveillance identity

message broker

remote attacker

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.

Affected configurations

NVD

Node

siemenssipass_integratedMatch2.76-

siemenssipass_integratedMatch2.76sp1

siemenssipass_integratedMatch2.80

siemenssipass_integratedMatch2.85

siemenssiveillance_identityRange1.6–1.6.280.0

siemenssiveillance_identityMatch1.5

CPENameOperatorVersion
siemens:sipass_integratedsiemens sipass integratedeq2.76
siemens:sipass_integratedsiemens sipass integratedeq2.80
siemens:sipass_integratedsiemens sipass integratedeq2.85
siemens:siveillance_identitysiemens siveillance identityle1.6.280.0
siemens:siveillance_identitysiemens siveillance identityeq1.5

CPE	Name	Operator	Version
siemens:sipass_integrated	siemens sipass integrated	eq	2.76
siemens:sipass_integrated	siemens sipass integrated	eq	2.80
siemens:sipass_integrated	siemens sipass integrated	eq	2.85
siemens:siveillance_identity	siemens siveillance identity	le	1.6.280.0
siemens:siveillance_identity	siemens siveillance identity	eq	1.5

CNA Affected

[
  {
    "product": "SiPass integrated V2.76",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SiPass integrated V2.80",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SiPass integrated V2.85",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Siveillance Identity V1.5",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Siveillance Identity V1.6",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1.6.284.0"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf

cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf

Social References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2021-44522

cvelist1 nvd1 prion1 cnvd1 ics2