PatchSiren cyber security CVE debrief
CVE-2021-43527 Siemens CVE debrief
CVE-2021-43527 is a critical heap overflow vulnerability in NSS (Network Security Services) affecting versions prior to 3.73 or 3.68.1 ESR. The vulnerability occurs when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for CMS, S/MIME, PKCS #7, or PKCS #12 signature handling are likely impacted, as are those using NSS for certificate validation, TLS, X.509, OCSP, or CRL functionality depending on configuration. Mozilla Firefox is explicitly noted as not impacted, but email clients and PDF viewers using NSS for signature verification—including Thunderbird, LibreOffice, Evolution, and Evince—are believed to be affected. Siemens RUGGEDCOM APE1808 devices are impacted through this vulnerability. The CVSS 3.1 score of 9.8 reflects network attack vector, low attack complexity, no privileges required, no user interaction, and high impacts to confidentiality, integrity, and availability. A vendor fix is available: upgrade Palo Alto Networks Virtual NGFW to V11.1.2-h3, with customers advised to contact Siemens support for patch and update information.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2025-05-13
- Advisory published: 2024-04-09
- Advisory updated: 2025-05-13
Who should care
Operators of Siemens RUGGEDCOM APE1808 industrial networking devices; organizations using NSS-dependent applications for email, document signing, or certificate validation in operational technology environments
Technical summary
Heap overflow in NSS signature parsing
Defensive priority
critical
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version V11.1.2-h3 on affected RUGGEDCOM APE1808 devices
- Contact Siemens customer support to obtain patch and update information for affected systems
- Review applications using NSS for signature verification (CMS, S/MIME, PKCS #7, PKCS #12) to identify potential exposure
- Assess certificate validation, TLS, X.509, OCSP, and CRL configurations for NSS-dependent applications
- Monitor CISA ICS advisories and Siemens product security notifications for additional guidance
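The exposure-review action above reduces, for most fleets, to comparing each host's NSS build against the two fix thresholds the debrief names (3.73 on the mainline branch, 3.68.1 on the ESR branch). The script below is an added example, not part of the advisory or of any Siemens or Mozilla tooling; the inventory lines it scans are constructed sample data, and the branch rule it encodes (only 3.68.x is treated as ESR) is an assumption drawn from the debrief's wording. One caveat a practitioner would want: distribution packages sometimes backport the fix without raising the upstream version string, so a "vulnerable" verdict here is a prompt to check the package changelog, not a final answer.

```python
"""Triage NSS version strings against the CVE-2021-43527 fix thresholds.

Added example (not from the advisory). Thresholds come from the debrief text:
fixed in NSS 3.73 (mainline) and 3.68.1 (ESR). Treating only the 3.68.x line
as ESR is an assumption. Inventory lines are constructed sample data.
"""
import re
from typing import Optional

Version = tuple[int, int, int]

FIXED_MAINLINE: Version = (3, 73, 0)   # first fixed mainline release (per debrief)
ESR_MINOR = 68                         # assumption: the ESR line is 3.68.x
FIXED_ESR: Version = (3, 68, 1)        # first fixed ESR release (per debrief)

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?")


def parse_nss_version(text: str) -> Optional[Version]:
    """Pull the first major.minor[.patch] triple out of a package string.

    Handles distro decorations such as an epoch ("2:3.67.0-4.el8") by taking
    the first dotted version that appears; a missing patch level is read as 0.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def nss_fixed(version: Version) -> bool:
    """True if this upstream version carries the CVE-2021-43527 fix.

    The ESR branch was patched at 3.68.1, so 3.68.0 is vulnerable while
    3.68.1+ is fixed even though it is numerically below 3.73. Every other
    branch needs 3.73 or later.
    """
    major, minor, _patch = version
    if (major, minor) == (3, ESR_MINOR):
        return version >= FIXED_ESR
    return version >= FIXED_MAINLINE


def assess_inventory(lines: list[str]) -> list[tuple[str, str, str]]:
    """Classify constructed inventory lines of the form '<host> <package-string>'.

    Returns (host, package-string, verdict) where verdict is one of
    'fixed', 'vulnerable', or 'unknown' (no parseable version). A
    'vulnerable' verdict only means the upstream number is below the
    threshold; backported distro fixes must be confirmed separately.
    """
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        host, _, pkg = line.partition(" ")
        ver = parse_nss_version(pkg)
        if ver is None:
            verdict = "unknown"
        else:
            verdict = "fixed" if nss_fixed(ver) else "vulnerable"
        results.append((host, pkg, verdict))
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "ot-gw-01 libnss3 2:3.67.0-4.el8",
    "ot-gw-02 libnss3 3.68.1-1",
    "ot-gw-03 libnss3 3.68.0-2",
    "hmi-04 nss 3.73.0-1",
    "hmi-05 nss 3.79.0-1",
    "hmi-06 nss (version not recorded)",
]

if __name__ == "__main__":
    for host, pkg, verdict in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host:10} {verdict:10} {pkg}")
```

Run it as-is to see the verdicts for the sample fleet; in practice, feed it the output of your package inventory (one host per line) and treat every "vulnerable" or "unknown" host as a candidate for the Siemens support or vendor-patch follow-up the advisory recommends.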
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-102-04. Vendor fix information confirmed through Siemens product security advisory SSA-455250. CVSS vector and severity ratings from official CVE record. Timeline derived from CSAF revision history showing initial publication 2024-04-09 and subsequent updates through 2025-05-13.
Official resources
- CVE-2021-43527 CVE record (CVE.org)
- CVE-2021-43527 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-04-09