GHSA-596h-hvjh-ffpf

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Ссылки

EPSS

Процентиль: 59%

0.00385

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2021-25677

Дефекты

CWE-330

Связанные уязвимости

CVE-2021-25677

CVSS3: 5.3

nvd

почти 5 лет назад

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

BDU:2021-02175

CVSS3: 5.3

fstec

почти 5 лет назад

Уязвимость DNS-клиента, связанная с ошибками при рандомизации идентификаторов транзакций DNS, позволяющая нарушителю оказать воздействие на целостность данных

EPSS

Процентиль: 59%

0.00385

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2021-25677

Дефекты

CWE-330