Publication Date: 2021-04-13
Last Update: 2022-01-11
Current Version: V1.2
CVSS v3.1 Base Score: 6.5

Affected Product and Versions Remediation
Nucleus NET:
All versions
Currently no remediation is planned
Update to the latest version of Nucleus ReadyStart V3 or V4
Contact customer support or your local Nucleus Sales team for mitigation advice
See further recommendations from section Workarounds and Mitigations
Nucleus ReadyStart V3:
All versions < V2017.02.3
Update to V2017.02.3 or later version
https://support.sw.siemens.com/en-US/product/1009925838/
See further recommendations from section Workarounds and Mitigations
Nucleus ReadyStart V3:
All versions < V2017.02.4
only affected by CVE-2021-25677
Update to V2017.02.4 or later version
https://support.sw.siemens.com/en-US/product/1009925838/
See further recommendations from section Workarounds and Mitigations
Nucleus ReadyStart V4:
All versions < V4.1.0
Update to V4.1.0 or later version
https://support.sw.siemens.com/en-US/product/1336134128/
See further recommendations from section Workarounds and Mitigations
Nucleus Source Code:
Versions including affected DNS modules
Contact customer support to receive patch and update information
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-170: Improper Null Termination

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-125: Out-of-bounds Read

CVSS v3.1 Base Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C
CWE: CWE-788: Access of Memory Location After End of Buffer

CVSS v3.1 Base Score 5.3
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CWE: CWE-330: Use of Insufficiently Random Values

https://www.siemens.com/cert/advisories