CVE-2021-42023

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Modelsim Simulation; Questa Simulation
Vendor: CVE Published:; 14 December 2021

Summary

A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE 1735 recommended practice.

Affected Version(s)

ModelSim Simulation All versions

Questa Simulation All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-40033...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2021
Vulnerability Reserved
Oct 6, 2021