Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Siemens Subscribe
Filtered by product Nucleus Source Code
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15795 1 Siemens 2 Nucleus Net, Nucleus Source Code 2022-04-28 6.8 MEDIUM 8.1 HIGH
A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
CVE-2020-27738 1 Siemens 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more 2022-04-22 5.8 MEDIUM 7.4 HIGH
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.
CVE-2021-25677 1 Siemens 6 Nucleus Net, Nucleus Readystart V3, Nucleus Readystart V4 and 3 more 2022-04-22 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
CVE-2021-27393 1 Siemens 3 Nucleus Net, Nucleus Readystart V3, Nucleus Source Code 2022-04-22 5.0 MEDIUM 5.3 MEDIUM
A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
CVE-2021-25663 1 Siemens 4 Capital Vstar, Nucleus Net, Nucleus Readystart and 1 more 2021-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.