Lucene search

SiemensCVELIST:CVE-2021-42023

HistoryDec 14, 2021 - 12:00 a.m.

CVE-2021-42023

2021-12-1400:00:00

CWE-522

siemens

www.cve.org

cve-2021-42023

rsa implementation

private keys

ip data protection

ieee 1735

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

23.8%

JSON

A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "ModelSim Simulation",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Siemens",
    "product": "Questa Simulation",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf