Vulnerability CVE-2021-29998 - CERT Civis.Net

Vulnerability Name:

CVE-2021-29998 (CCN-199987)

Assigned:

2021-04-02

Published:

2021-04-02

Updated:

2022-10-05

Summary:

An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-29998

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf

Source: XF
Type: UNKNOWN
windriver-vxworks-cve202129998-bo(199987)

Source: CCN
Type: Wind River Web site
Wind River Support Network

Source: MISC
Type: Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices

Source: MISC
Type: Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12

Vulnerable Configuration:

Configuration 1:

cpe:/o:windriver:vxworks:*:*:*:*:*:*:*:* (Version < 6.5)

Configuration 2:

cpe:/o:siemens:ruggedcom_win_subscriber_station_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:ruggedcom_win_subscriber_station:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:siemens:scalance_x200-4_p_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x200-4_p_irt:-:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:siemens:scalance_x201-3p_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x201-3p_irt:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/o:siemens:scalance_x201-3p_irt_pro_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x201-3p_irt_pro:-:*:*:*:*:*:*:*

Configuration 6:

cpe:/o:siemens:scalance_x202-2pirt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x202-2_irt:-:*:*:*:*:*:*:*

Configuration 7:

cpe:/o:siemens:scalance_x202-2p_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x202-2p_irt:-:*:*:*:*:*:*:*

Configuration 8:

cpe:/o:siemens:scalance_x202-2p_irt_pro_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x202-2p_irt_pro:-:*:*:*:*:*:*:*

Configuration 9:

cpe:/o:siemens:scalance_x204_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204_irt:-:*:*:*:*:*:*:*

Configuration 10:

cpe:/o:siemens:scalance_x204_irt_pro_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204_irt_pro:-:*:*:*:*:*:*:*

Configuration 11:

cpe:/o:siemens:scalance_x204-2_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204-2:-:*:*:*:*:*:*:*

Configuration 12:

cpe:/o:siemens:scalance_x204-2fm_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204-2fm:-:*:*:*:*:*:*:*

Configuration 13:

cpe:/o:siemens:scalance_x204-2ld_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204-2ld:-:*:*:*:*:*:*:*

Configuration 14:

cpe:/o:siemens:scalance_x204-2ld_ts_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204-2ld_ts:-:*:*:*:*:*:*:*

Configuration 15:

cpe:/o:siemens:scalance_x204-2ts_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x204-2ts:-:*:*:*:*:*:*:*

Configuration 16:

cpe:/o:siemens:scalance_x206-1_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x206-1:-:*:*:*:*:*:*:*

Configuration 17:

cpe:/o:siemens:scalance_x206-1ld_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x206-1ld:-:*:*:*:*:*:*:*

Configuration 18:

cpe:/o:siemens:scalance_x208_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x208:-:*:*:*:*:*:*:*

Configuration 19:

cpe:/o:siemens:scalance_x208_pro_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x208_pro:-:*:*:*:*:*:*:*

Configuration 20:

cpe:/o:siemens:scalance_x212-2_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x212-2:-:*:*:*:*:*:*:*

Configuration 21:

cpe:/o:siemens:scalance_x212-2ld_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x212-2ld:-:*:*:*:*:*:*:*

Configuration 22:

cpe:/o:siemens:scalance_x216_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x216:-:*:*:*:*:*:*:*

Configuration 23:

cpe:/o:siemens:scalance_x224_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x224:-:*:*:*:*:*:*:*

Configuration 24:

cpe:/o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x300:-:*:*:*:*:*:*:*

Configuration 25:

cpe:/o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_x408:-:*:*:*:*:*:*:*

Configuration 26:

cpe:/o:siemens:scalance_xf201-3p_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf201-3p_irt:-:*:*:*:*:*:*:*

Configuration 27:

cpe:/o:siemens:scalance_xf202-2p_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf202-2p_irt:-:*:*:*:*:*:*:*

Configuration 28:

cpe:/o:siemens:scalance_xf204_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf204:-:*:*:*:*:*:*:*

Configuration 29:

cpe:/o:siemens:scalance_xf204_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf204_irt:-:*:*:*:*:*:*:*

Configuration 30:

cpe:/o:siemens:scalance_xf204-2_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf204-2:-:*:*:*:*:*:*:*

Configuration 31:

cpe:/o:siemens:scalance_xf204-2ba_irt_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf204-2ba_irt:-:*:*:*:*:*:*:*

Configuration 32:

cpe:/o:siemens:scalance_xf206-1_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf206-1:-:*:*:*:*:*:*:*

Configuration 33:

cpe:/o:siemens:scalance_xf208_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:scalance_xf208:-:*:*:*:*:*:*:*

Configuration 34:

cpe:/o:siemens:simatic_rf_181_eip_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_rf_181_eip:-:*:*:*:*:*:*:*

Configuration 35:

cpe:/o:siemens:simatic_rf_182c_firmware:*:*:*:*:*:*:*:*

AND

cpe:/h:siemens:simatic_rf_182c:-:*:*:*:*:*:*:*

Configuration 36:

cpe:/o:siemens:sinamics_perfect_harmony_gh180_firmware:*:*:*:*:*:*:*:* (Version >= 2015 and < 2022)

AND

cpe:/h:siemens:sinamics_perfect_harmony_gh180:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:windriver:vxworks:6.5:*:*:*:*:*:*:*

Denotes that component is vulnerable