CVE-2021-27393
MEDIUMNucleus NET, ReadyStart V3 <V2013.08, Source Code - Info Disclosure
Title source: llmDescription
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-201384.pdf
Scores
CVSS v3
5.3
EPSS
0.0075
EPSS Percentile
50.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-330
Status
published
Products (3)
siemens/nucleus_net
siemens/nucleus_readystart_v3
< 2013.08
siemens/nucleus_source_code
Published
Apr 22, 2021
Tracked Since
Feb 18, 2026