CVE-2021-22924

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

CVSS v3 3.7 LOW
CVSS v2.0 4.3 MEDIUM

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf	Third Party Advisory
https://hackerone.com/reports/1223565	Exploit Issue Tracking Patch Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0003/	Third Party Advisory
https://www.debian.org/security/2022/dsa-5197	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:siemens:sinec_infrastructure_network_services::::::::
	cpe:2.3:a:siemens:sinema_remote_connect_server::::::::

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:logo\!_cmr2040_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!_cmr2040:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:logo\!_cmr2020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!_cmr2020:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*

Configuration 26 (hide)

cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 28 (hide)

OR	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*

History

No history.

Information

Published : 2021-08-05 21:15

Updated : 2024-03-27 15:11

NVD link : CVE-2021-22924

Mitre link : CVE-2021-22924

CVE.ORG link : CVE-2021-22924

JSON object : View

Products Affected

siemens

logo\!_cmr2040
scalance_m816-1_firmware
scalance_m804pb
scalance_m874-2_firmware
simatic_cp_1545-1
simatic_rtu3030c_firmware
scalance_s615_firmware
ruggedcomrm_1224_lte_firmware
scalance_m876-3_firmware
simatic_rtu_3041c_firmware
sinema_remote_connect_server
scalance_m826-2_firmware
simatic_rtu3031c_firmware
scalance_m816-1
scalance_m804pb_firmware
simatic_rtu3031c
sinec_infrastructure_network_services
scalance_m874-3
ruggedcomrm_1224_lte
siplus_net_cp_1543-1
logo\!_cmr2040_firmware
scalance_m874-2
scalance_m874-3_firmware
simatic_cp_1543-1_firmware
simatic_cp_1543-1
simatic_cp_1545-1_firmware
scalance_s615
simatic_rtu3010c
scalance_m876-3
scalance_mum856-1_firmware
simatic_rtu_3041c
scalance_m812-1
simatic_rtu3030c
simatic_rtu3010c_firmware
sinema_remote_connect
logo\!_cmr2020_firmware
siplus_net_cp_1543-1_firmware
scalance_m812-1_firmware
scalance_mum856-1
scalance_m876-4_firmware
logo\!_cmr2020
scalance_m826-2
scalance_m876-4

debian

debian_linux

netapp

cloud_backup
clustered_data_ontap
solidfire_baseboard_management_controller_firmware
solidfire_\&_hci_management_node

fedoraproject

fedora

oracle

mysql_server
peoplesoft_enterprise_peopletools

splunk

universal_forwarder

haxx

libcurl

CWE

CWE-706

Use of Incorrectly-Resolved Name or Reference

CWE-20

Improper Input Validation

{"id": "CVE-2021-22924", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2021-08-05T21:15:11.380", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1223565", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", "tags": ["Mailing List", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://security.netapp.com/advisory/ntap-20210902-0003/", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.debian.org/security/2022/dsa-5197", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-706"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate."}, {"lang": "es", "value": "libcurl mantiene las conexiones usadas previamente en un pool de conexiones para reusarlas en posteriores transferencias, si una de ellas coincide con la configuraci\u00f3n. Debido a errores en la l\u00f3gica, la funci\u00f3n de coincidencia de la configuraci\u00f3n no ten\u00eda en cuenta \"issuercert\" y comparaba las rutas implicadas *sin tener en cuenta el caso*, que pod\u00eda conllevar a que libcurl reusara conexiones err\u00f3neas. Las rutas de los archivos son, o pueden ser, casos confidenciales en muchos sistemas, pero no en todos, y pueden incluso variar dependiendo de los sistemas de archivos usados. La comparaci\u00f3n tampoco inclu\u00eda el \"issuercert\" que una transferencia puede ajustar para calificar c\u00f3mo verificar el certificado del servidor"}], "lastModified": "2024-03-27T15:11:45.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FDD6146-08DE-414A-AF65-668F1A002099", "versionEndExcluding": "7.77.0", "versionStartIncluding": "7.10.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163"}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E"}, {"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E74B879-B396-496C-979B-8A7211EDCA0D", "versionEndIncluding": "5.7.36", "versionStartIncluding": "5.7.0"}, {"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6", "versionEndIncluding": "8.0.26", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:logo\\!_cmr2040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F58182A-EB6D-442B-846A-8BD5BE4313E6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:logo\\!_cmr2040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ED47A12-5637-40E2-BE39-B76B789C0DFD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:logo\\!_cmr2020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85E0D5C4-F0DA-42D9-A594-CB1BE6E7451F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:logo\\!_cmr2020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E8E5F42B-63E3-4B2D-A03F-983F51EE0648"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "139740E9-9828-4F2E-B11D-3BFE1B96992C", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A650A1E-4DB0-415A-9BF4-0016798CD622"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44695DA0-6E69-4444-BEBB-391E818B9FC0", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C6EBA42A-93FF-4883-8626-EF78D38374D3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B7BB84-89FC-440B-9647-6D5E99C46AED", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "31EAEF72-8B41-44E0-A33B-753AF85A3106"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93C36C9-9E80-48B6-8025-0DA656B7AE0B", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5908438F-2575-46EB-AC96-5F33D018AFAC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15374104-A17C-44B4-801F-C81D3FB97527", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60458734-FF87-48E9-9B63-5AB9EA5ED0E5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E587E31C-E9CA-4925-A2FE-22F46C5A3E81", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C933ED27-2206-4734-8EB8-6A6431D1FBF1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE82B624-BD88-4B43-A590-FF39D136A4D4", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D3258DC7-0461-4C65-8292-85C9965EA83D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC0626BD-AAE2-4853-AC96-8A3F2516A972", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD221BA9-3448-49E4-B3A3-D88B939785AC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60DD88D4-3DB3-473C-8613-AE425E7DF03C", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94E4CCE9-71F7-4960-B7DE-5298EFB7C619"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B602E7-05E4-42F7-8850-2369F118D32C", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17BEBCAB-D640-4F6D-9579-4A54C76D80F8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "116A0913-61A8-41EA-89D1-AC46384254B8", "versionEndExcluding": "7.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E917CBBB-EF41-4113-B0CA-EB91889235E7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFC6ACFD-8893-4EA3-976B-FAAF7240C5DB", "versionEndExcluding": "3.0.22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3FDE92FB-38C7-46E8-9208-BBD7872219D5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D599BF67-DFBB-4107-ACD9-1231D12EC9B5", "versionEndExcluding": "1.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C557DEBB-B71C-42E5-BBCE-0CFF3D10D700"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BE5ED5-4690-4D60-AA95-915CC02266E2", "versionEndExcluding": "5.0.14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F32339C-D992-45F3-B975-D3E1118B881E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD88F06C-6E0F-463C-94E5-CB68601D728E", "versionEndExcluding": "5.0.14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A66DD04-4C58-45D8-A8C5-6817B05DBA14"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBFBC62C-7F21-4312-B6BB-FC80894100BB", "versionEndExcluding": "5.0.14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48F0595C-286F-4EB1-8C25-D20FB92A95A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74D4B0B4-6F7C-43CF-AFB8-6C53BA5C6577", "versionEndExcluding": "5.0.14"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F30B6004-31BF-408A-B1C5-4A7937391F41"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C5E4FE6-D2D5-40E4-A68C-6EA6AC7E1A3C", "versionEndExcluding": "3.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43CDCCE3-B8C0-44D4-A8A0-25C49A4EA240", "versionEndExcluding": "3.0.22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5D7AB0D5-FD3E-416A-975B-D212B3350433"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D", "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}

3.7 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-22924

3.7^/10

4.3^/10

Attach tags to `CVE-2021-22924`