Login Sign Up

CVE-2021-21964

7.4 HIGH
Denial of Service

📋 TL;DR

A denial of service vulnerability in Sealevel Systems SeaConnect 370W's Modbus configuration allows attackers to crash the device by sending specially-crafted network packets. This affects organizations using SeaConnect 370W v1.3.34 for industrial control systems. The vulnerability requires network access to the device's Modbus interface.

💻 Affected Systems

Products:
  • Sealevel Systems SeaConnect 370W
Versions: v1.3.34
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with Modbus configuration functionality enabled and accessible via network.

📦 What is this software?

Seaconnect 370w Firmware by Sealevel

View all CVEs affecting Seaconnect 370w Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device unavailability requiring physical reset or power cycle, disrupting industrial processes and potentially causing safety or production impacts.

🟠

Likely Case

Temporary service disruption requiring manual intervention to restore functionality, causing operational downtime.

🟢

If Mitigated

No impact if device is properly segmented and protected from untrusted networks.

🌐 Internet-Facing: HIGH - If exposed to internet, attackers can easily send malicious packets to trigger DoS.
🏢 Internal Only: MEDIUM - Requires internal network access; risk depends on network segmentation and access controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted packets to Modbus port; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.3.35 or later

Vendor Advisory: https://www.sealevel.com/support/security-advisories/

Restart Required: Yes

Instructions:

1. Download latest firmware from Sealevel support portal. 2. Backup current configuration. 3. Upload new firmware via web interface. 4. Restart device. 5. Restore configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SeaConnect devices from untrusted networks using firewalls or VLANs.

Access Control Lists

linux

Restrict Modbus port access to authorized IP addresses only.

iptables -A INPUT -p tcp --dport 502 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 502 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SeaConnect devices
  • Deploy intrusion detection systems to monitor for malicious Modbus traffic

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console; if version is v1.3.34, device is vulnerable.

Check Version:

Check via web interface at http://device-ip/status or serial console command 'version'

Verify Fix Applied:

Confirm firmware version is v1.3.35 or later and test Modbus functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • Device crash/restart logs
  • Modbus connection errors
  • Unusual packet patterns on port 502

Network Indicators:

  • Malformed Modbus packets to port 502
  • Sudden traffic spikes to device
  • Connection attempts from unauthorized sources

SIEM Query:

source_port:502 AND (packet_size:unusual OR protocol_violation:true)

📊 Metadata

CVE ID: CVE-2021-21964
CVSS v3 Score: 7.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
CWE: CWE-284
Published: February 4, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-21964, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)