CVE-2021-25667 — HIGH (8.8)

Q: How severe is CVE-2021-25667?

CVE-2021-25667 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-25667?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rm1224 Firmware, Siemens Ruggedcom Rm1224, Siemens Scalance M-800 Firmware, Siemens Scalance M-800, Siemens Scalance S615 Firmware.

Vulnerability Description

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Ruggedcom Rm1224 Firmware	>= 4.3, < 6.4
Siemens	Ruggedcom Rm1224	-
Siemens	Scalance M-800 Firmware	>= 4.3, < 6.4
Siemens	Scalance M-800	-
Siemens	Scalance S615 Firmware	>= 4.3, < 6.4
Siemens	Scalance S615	-
Siemens	Scalance X300Wg Firmware	< 4.1
Siemens	Scalance X300Wg	-
Siemens	Scalance Xm400 Firmware	< 6.2
Siemens	Scalance Xm400	-
Siemens	Scalance Xr500 Firmware	< 6.2
Siemens	Scalance Xr500	-
Siemens	Scalance Sc622-2C Firmware	<= 2.0
Siemens	Scalance Sc622-2C	-
Siemens	Scalance Sc632-2C Firmware	<= 2.0
Siemens	Scalance Sc632-2C	-
Siemens	Scalance Sc636-2C Firmware	<= 2.0
Siemens	Scalance Sc636-2C	-
Siemens	Scalance Sc642-2C Firmware	<= 2.0
Siemens	Scalance Sc642-2C	-

Related Weaknesses (CWE)

CWE-121 CWE-787

References

https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdfPatchVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03PatchThird Party AdvisoryUS Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdfPatchVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03PatchThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2021-25667?

CVE-2021-25667 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE S...

How severe is CVE-2021-25667?

CVE-2021-25667 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-25667?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Ruggedcom Rm1224 Firmware, Siemens Ruggedcom Rm1224, Siemens Scalance M-800 Firmware, Siemens Scalance M-800, Siemens Scalance S615 Firmware.