Vulnerability in ModelSim and Questa Simulation Products by Siemens
CVE-2021-42023

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Modelsim Simulation; Questa Simulation
Vendor: CVE Published:; 14 December 2021

Summary

A vulnerability exists in Siemens' ModelSim and Questa Simulation products where the RSA white-box implementation fails to adequately protect the built-in private keys. These keys are critical for decrypting electronic intellectual property (IP) data, violating IEEE 1735 recommended practices. This weakness can potentially be exploited by sophisticated attackers, enabling them to uncover the keys and breach the security measures meant to safeguard IP data.

Affected Version(s)

ModelSim Simulation All versions

Questa Simulation All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-40033...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2021
Vulnerability Reserved
Oct 6, 2021