CVE-2021-25667

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Se ha identificado una vulnerabilidad en RUGGEDCOM RM1224 (Todas las versiones posteriores e incluyendo a V4.3 y anteriores a V6.4), SCALANCE M-800 (Todas las versiones posteriores e incluyendo a V4.3 y anteriores a V6.4), SCALANCE S615 (Todas las versiones posteriores e incluyendo a V4.3 y anteriores a V6.4), SCALANCE SC-600 Family (Todas las versiones posteriores e incluyendo a V2.0 y anteriores a V2.1.3), SCALANCE XB-200 (Todas las versiones anteriores a V4.1), SCALANCE XC-200 (Todas las versiones anteriores a V4.1), SCALANCE XF-200BA (Todas las versiones anteriores a V4.1), SCALANCE XM400 (Todas las versiones anteriores a V6.2), SCALANCE XP-200 (Todas las versiones anteriores a V4.1), SCALANCE XR-300WG (Todas las versiones anteriores a V4.1), SCALANCE XR500 (Todas las versiones anteriores a V6.2). Unos dispositivos afectados contienen una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el manejo de frames STP BPDU que podría permitir a un atacante remoto desencadenar una condición de denegación de servicio o una ejecución de código potencialmente remoto. Una explotación con éxito requiere que la funcionalidad listening pasiva del dispositivo esté activa

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-21 CVE Reserved
2021-03-15 CVE Published
2024-08-03 CVE Updated
2024-11-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-121: Stack-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf	2022-10-19
https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03	2022-10-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"	Ruggedcom Rm1224 Firmware Search vendor "Siemens" for product "Ruggedcom Rm1224 Firmware"	>= 4.3 < 6.4 Search vendor "Siemens" for product "Ruggedcom Rm1224 Firmware" and version " >= 4.3 < 6.4"	-	Affected	in	Siemens Search vendor "Siemens"	Ruggedcom Rm1224 Search vendor "Siemens" for product "Ruggedcom Rm1224"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M-800 Firmware Search vendor "Siemens" for product "Scalance M-800 Firmware"	>= 4.3 < 6.4 Search vendor "Siemens" for product "Scalance M-800 Firmware" and version " >= 4.3 < 6.4"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M-800 Search vendor "Siemens" for product "Scalance M-800"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance S615 Firmware Search vendor "Siemens" for product "Scalance S615 Firmware"	>= 4.3 < 6.4 Search vendor "Siemens" for product "Scalance S615 Firmware" and version " >= 4.3 < 6.4"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance S615 Search vendor "Siemens" for product "Scalance S615"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance X300wg Firmware Search vendor "Siemens" for product "Scalance X300wg Firmware"	< 4.1 Search vendor "Siemens" for product "Scalance X300wg Firmware" and version " < 4.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance X300wg Search vendor "Siemens" for product "Scalance X300wg"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xm400 Firmware Search vendor "Siemens" for product "Scalance Xm400 Firmware"	< 6.2 Search vendor "Siemens" for product "Scalance Xm400 Firmware" and version " < 6.2"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xm400 Search vendor "Siemens" for product "Scalance Xm400"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xr500 Firmware Search vendor "Siemens" for product "Scalance Xr500 Firmware"	< 6.2 Search vendor "Siemens" for product "Scalance Xr500 Firmware" and version " < 6.2"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xr500 Search vendor "Siemens" for product "Scalance Xr500"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc622-2c Firmware Search vendor "Siemens" for product "Scalance Sc622-2c Firmware"	<= 2.0 Search vendor "Siemens" for product "Scalance Sc622-2c Firmware" and version " <= 2.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc622-2c Search vendor "Siemens" for product "Scalance Sc622-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc622-2c Firmware Search vendor "Siemens" for product "Scalance Sc622-2c Firmware"	>= 2.1 < 2.1.3 Search vendor "Siemens" for product "Scalance Sc622-2c Firmware" and version " >= 2.1 < 2.1.3"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc622-2c Search vendor "Siemens" for product "Scalance Sc622-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc632-2c Firmware Search vendor "Siemens" for product "Scalance Sc632-2c Firmware"	<= 2.0 Search vendor "Siemens" for product "Scalance Sc632-2c Firmware" and version " <= 2.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc632-2c Search vendor "Siemens" for product "Scalance Sc632-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc632-2c Firmware Search vendor "Siemens" for product "Scalance Sc632-2c Firmware"	>= 2.1 < 2.1.3 Search vendor "Siemens" for product "Scalance Sc632-2c Firmware" and version " >= 2.1 < 2.1.3"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc632-2c Search vendor "Siemens" for product "Scalance Sc632-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc636-2c Firmware Search vendor "Siemens" for product "Scalance Sc636-2c Firmware"	<= 2.0 Search vendor "Siemens" for product "Scalance Sc636-2c Firmware" and version " <= 2.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc636-2c Search vendor "Siemens" for product "Scalance Sc636-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc636-2c Firmware Search vendor "Siemens" for product "Scalance Sc636-2c Firmware"	>= 2.1 < 2.1.3 Search vendor "Siemens" for product "Scalance Sc636-2c Firmware" and version " >= 2.1 < 2.1.3"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc636-2c Search vendor "Siemens" for product "Scalance Sc636-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc642-2c Firmware Search vendor "Siemens" for product "Scalance Sc642-2c Firmware"	<= 2.0 Search vendor "Siemens" for product "Scalance Sc642-2c Firmware" and version " <= 2.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc642-2c Search vendor "Siemens" for product "Scalance Sc642-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc642-2c Firmware Search vendor "Siemens" for product "Scalance Sc642-2c Firmware"	>= 2.1 < 2.1.3 Search vendor "Siemens" for product "Scalance Sc642-2c Firmware" and version " >= 2.1 < 2.1.3"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc642-2c Search vendor "Siemens" for product "Scalance Sc642-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc646-2c Firmware Search vendor "Siemens" for product "Scalance Sc646-2c Firmware"	<= 2.0 Search vendor "Siemens" for product "Scalance Sc646-2c Firmware" and version " <= 2.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc646-2c Search vendor "Siemens" for product "Scalance Sc646-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Sc646-2c Firmware Search vendor "Siemens" for product "Scalance Sc646-2c Firmware"	>= 2.1 < 2.1.3 Search vendor "Siemens" for product "Scalance Sc646-2c Firmware" and version " >= 2.1 < 2.1.3"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Sc646-2c Search vendor "Siemens" for product "Scalance Sc646-2c"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xb-200 Firmware Search vendor "Siemens" for product "Scalance Xb-200 Firmware"	< 4.1 Search vendor "Siemens" for product "Scalance Xb-200 Firmware" and version " < 4.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xb-200 Search vendor "Siemens" for product "Scalance Xb-200"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xc-200 Firmware Search vendor "Siemens" for product "Scalance Xc-200 Firmware"	< 4.1 Search vendor "Siemens" for product "Scalance Xc-200 Firmware" and version " < 4.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xc-200 Search vendor "Siemens" for product "Scalance Xc-200"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xf-200ba Firmware Search vendor "Siemens" for product "Scalance Xf-200ba Firmware"	< 4.1 Search vendor "Siemens" for product "Scalance Xf-200ba Firmware" and version " < 4.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xf-200ba Search vendor "Siemens" for product "Scalance Xf-200ba"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance Xp-200 Firmware Search vendor "Siemens" for product "Scalance Xp-200 Firmware"	< 4.1 Search vendor "Siemens" for product "Scalance Xp-200 Firmware" and version " < 4.1"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance Xp-200 Search vendor "Siemens" for product "Scalance Xp-200"	-	-	Safe