Vulnerability Description
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance Xm408-4C Firmware | < 6.5 |
| Siemens | Scalance Xm408-4C | - |
| Siemens | Scalance Xm408-4C L3 Firmware | < 6.5 |
| Siemens | Scalance Xm408-4C L3 | - |
| Siemens | Scalance Xm408-8C Firmware | < 6.5 |
| Siemens | Scalance Xm408-8C | - |
| Siemens | Scalance Xm408-8C L3 Firmware | < 6.5 |
| Siemens | Scalance Xm408-8C L3 | - |
| Siemens | Scalance Xm416-4C Firmware | < 6.5 |
| Siemens | Scalance Xm416-4C | - |
| Siemens | Scalance Xm416-4C L3 Firmware | < 6.5 |
| Siemens | Scalance Xm416-4C L3 | - |
| Siemens | Scalance Xr524-8C Firmware | < 6.5 |
| Siemens | Scalance Xr524-8C | - |
| Siemens | Scalance Xr524-8C L3 Firmware | < 6.5 |
| Siemens | Scalance Xr524-8C L3 | - |
| Siemens | Scalance Xr526-8C Firmware | < 6.5 |
| Siemens | Scalance Xr526-8C | - |
| Siemens | Scalance Xr526-8C L3 Firmware | < 6.5 |
| Siemens | Scalance Xr526-8C L3 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdfPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdfPatchVendor Advisory
FAQ
What is CVE-2021-37182?
CVE-2021-37182 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) ...
How severe is CVE-2021-37182?
CVE-2021-37182 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37182?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance Xm408-4C Firmware, Siemens Scalance Xm408-4C, Siemens Scalance Xm408-4C L3 Firmware, Siemens Scalance Xm408-4C L3, Siemens Scalance Xm408-8C Firmware.