Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-37186

EPSS 0.17% · P37
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-37186

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC是西门子(Siemens)的一款组态软件。 Siemens SIMATIC RTU 3000 family中存在安全特征问题漏洞,该漏洞源于产品底层TCP IP堆栈没有正确地计算用作ISN(初始序列号)的随机数。攻击者可通过网络访问局域网接口的相邻攻击者可利用该漏洞可以干扰流量,欺骗连接并获得对敏感信息的访问权。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensLOGO! CMR2020 All versions < V2.2 -
SiemensLOGO! CMR2040 All versions < V2.2 -
SiemensSIMATIC RTU3010C All versions < V4.0.9 -
SiemensSIMATIC RTU3030C All versions < V4.0.9 -
SiemensSIMATIC RTU3031C All versions < V4.0.9 -
SiemensSIMATIC RTU3041C All versions < V4.0.9 -

II. Public POCs for CVE-2021-37186

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-37186

登录查看更多情报信息。

Same Patch Batch · Siemens · 2021-09-14 · 30 CVEs total

CVE-2021-337377.5 HIGHSiemens SIAMTIC CP343-1 缓冲区错误漏洞
CVE-2021-37183Siemens SINEMA Remote Connect Server 访问控制错误漏洞
CVE-2019-10941SINEMA Server 访问控制错误漏洞
CVE-2021-25665Simcenter STAR-CCM+ Viewer 缓冲区错误漏洞
CVE-2021-31891Siemens Desigo CC 操作系统命令注入漏洞
CVE-2021-27391Siemens APOGEE MBC 缓冲区错误漏洞
CVE-2021-33716Siemens SIMATIC CP 1543-1和SIMATIC CP 1545-1 安全漏洞
CVE-2021-33719Siemens SIPROTEC 5 代码注入漏洞
CVE-2021-33720Siemens SIPROTEC 5 代码注入漏洞
CVE-2021-37173Siemens RUGGEDCOM 信息泄露漏洞
CVE-2021-37174Siemens RUGGEDCOM 授权问题漏洞
CVE-2021-37175Siemens RUGGEDCOM 授权问题漏洞
CVE-2021-37176Siemens Simcenter Femap 缓冲区错误漏洞
CVE-2021-37177Siemens SINEMA Remote Connect Server 访问控制错误漏洞
CVE-2021-37181多款 Siemens 产品代码问题漏洞
CVE-2021-40357Siemens Teamcenter Active Workspace 路径遍历漏洞
CVE-2021-37184Siemens Industrial Edge Management 授权问题漏洞
CVE-2021-37191Siemens SINEMA Remote Connect Server 安全漏洞
CVE-2021-37190Siemens SINEMA Remote Connect Server 信息泄露漏洞
CVE-2021-37192Siemens SINEMA Remote Connect Server 信息泄露漏洞

Showing top 20 of 30 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same vendor: Siemens
Same weakness: CWE-330

V. Comments for CVE-2021-37186

No comments yet

Leave a comment