CVE-2021-42023 : Security Advisory and Response

A vulnerability in ModelSim Simulation and Questa Simulation could allow sophisticated attackers to discover private keys, potentially compromising electronic IP data.

Understanding CVE-2021-42023

This CVE identifies a security flaw in the RSA white-box implementation of the affected applications, leading to inadequate protection of built-in private keys.

What is CVE-2021-42023?

The vulnerability allows attackers to bypass security measures intended by the IEEE 1735 recommended practice, potentially exposing sensitive keys.

The Impact of CVE-2021-42023

If exploited, the CVE could result in the unauthorized decryption of electronic IP data, compromising confidentiality and intellectual property.

Technical Details of CVE-2021-42023

This section delves into the specifics of the vulnerability found in ModelSim Simulation and Questa Simulation.

Vulnerability Description

The RSA white-box implementation in the affected applications fails to adequately protect the required private keys, facilitating key discovery by malicious actors.

Affected Systems and Versions

Vendor: Siemens
Product: ModelSim Simulation
Versions: All versions (affected)
Product: Questa Simulation
Versions: All versions (affected)

Exploitation Mechanism

Sophisticated attackers can exploit this vulnerability to uncover private keys essential for decrypting electronic IP data, circumventing established security controls.

Mitigation and Prevention

To address CVE-2021-42023, follow these mitigation strategies.

Immediate Steps to Take

Update the affected applications to patched versions promptly
Implement robust access controls and encryption mechanisms

Long-Term Security Practices

Regularly monitor for unauthorized access attempts
Conduct security training to raise awareness of safe practices

Patching and Updates

Apply security patches provided by Siemens to fix the vulnerability and enhance the protection of private keys.