Details of VAR-202111-0749

ID

VAR-202111-0749

CVE

CVE-2021-42021

TITLE

Siveillance Video DLNA Server Past traversal vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014957

DESCRIPTION

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. Siveillance Video DLNA Server Exists in a past traversal vulnerability.Information may be obtained

Trust: 2.16

sources: NVD: CVE-2021-42021 // JVNDB: JVNDB-2021-014957 // CNVD: CNVD-2021-89432

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-89432

AFFECTED PRODUCTS

vendor:	siemens	model:	siveillance video management software 2019 r2	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance video management software 2019 r3	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance video management software 2020 r2	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	siveillance video management software 2019 r1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siveillance video management software 2020 r1	scope:	eq	version:	-	Trust: 1.0
vendor:	シーメンス	model:	siveillance vms	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siveillance vms	scope:	eq	version:	2020 r2	Trust: 0.8
vendor:	シーメンス	model:	siveillance vms	scope:	eq	version:	2019 r3	Trust: 0.8
vendor:	シーメンス	model:	siveillance vms	scope:	eq	version:	2019 r2	Trust: 0.8
vendor:	シーメンス	model:	siveillance vms	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siveillance vms	scope:	eq	version:	2019 r1	Trust: 0.8
vendor:	シーメンス	model:	siveillance vms	scope:	eq	version:	2020 r1	Trust: 0.8
vendor:	siemens	model:	siveillance video dlna server	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r1	scope:	eq	version:	2019	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r2	scope:	eq	version:	2019	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r3	scope:	eq	version:	2019	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r1	scope:	eq	version:	2020	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r2	scope:	eq	version:	2020	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r3	scope:	eq	version:	2020	Trust: 0.6
vendor:	siemens	model:	siveillance video dlna server r1	scope:	eq	version:	2021	Trust: 0.6

sources: CNVD: CNVD-2021-89432 // JVNDB: JVNDB-2021-014957 // NVD: CVE-2021-42021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-42021
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-42021
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-89432
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202111-866
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-42021
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-89432
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-42021
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-42021
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-89432 // JVNDB: JVNDB-2021-014957 // CNNVD: CNNVD-202111-866 // NVD: CVE-2021-42021

PROBLEMTYPE DATA

problemtype:	CWE-26	Trust: 1.0
problemtype:	CWE-22	Trust: 1.0
problemtype:	Path traversal (CWE-22) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014957 // NVD: CVE-2021-42021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-866

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202111-866

PATCH

title:	SSA-755517	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf	Trust: 0.8
title:	Patch for Siemens Siveillance Video DLNA Server path traversal vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/300046	Trust: 0.6
title:	Siveillance Video DLNA Server Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169669	Trust: 0.6

sources: CNVD: CNVD-2021-89432 // JVNDB: JVNDB-2021-014957 // CNNVD: CNNVD-202111-866

EXTERNAL IDS

db:	NVD	id:	CVE-2021-42021	Trust: 3.8
db:	SIEMENS	id:	SSA-755517	Trust: 2.2
db:	ICS CERT	id:	ICSA-21-315-13	Trust: 1.4
db:	JVN	id:	JVNVU95671889	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-014957	Trust: 0.8
db:	CNVD	id:	CNVD-2021-89432	Trust: 0.6
db:	CS-HELP	id:	SB2021111619	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-866	Trust: 0.6

sources: CNVD: CNVD-2021-89432 // JVNDB: JVNDB-2021-014957 // CNNVD: CNNVD-202111-866 // NVD: CVE-2021-42021

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-755517.pdf	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42021	Trust: 1.4
url:	http://jvn.jp/vu/jvnvu95671889/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-13	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021111619	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-315-13	Trust: 0.6

sources: CNVD: CNVD-2021-89432 // JVNDB: JVNDB-2021-014957 // CNNVD: CNNVD-202111-866 // NVD: CVE-2021-42021

CREDITS

Milestone PSIRT reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202111-866

SOURCES

db:	CNVD	id:	CNVD-2021-89432
db:	JVNDB	id:	JVNDB-2021-014957
db:	CNNVD	id:	CNNVD-202111-866
db:	NVD	id:	CVE-2021-42021

LAST UPDATE DATE

2024-11-23T19:57:35.037000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-89432	date:	2021-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-014957	date:	2022-11-02T07:35:00
db:	CNNVD	id:	CNNVD-202111-866	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2021-42021	date:	2024-11-21T06:27:05.887

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-89432	date:	2021-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-014957	date:	2022-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202111-866	date:	2021-11-09T00:00:00
db:	NVD	id:	CVE-2021-42021	date:	2021-11-09T12:15:10.523