Vulnerability Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Capital Vstar | - |
| Siemens | Nucleus Net | All versions |
| Siemens | Nucleus Readystart | < 4.1.0 |
| Siemens | Nucleus Source Code | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/html/ssa-248289.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdfVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05Third Party AdvisoryUS Government Resource
- https://cert-portal.siemens.com/productcert/html/ssa-248289.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdfVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-25663?
CVE-2021-25663 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 ...
How severe is CVE-2021-25663?
CVE-2021-25663 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25663?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Capital Vstar, Siemens Nucleus Net, Siemens Nucleus Readystart, Siemens Nucleus Source Code.