CVE-2021-25667

2021-03-1517:03:31

CWE-121

siemens

www.cve.org

9.1 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

CNA Affected

[
  {
    "product": "RUGGEDCOM RM1224",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V4.3 and < V6.4"
      }
    ]
  },
  {
    "product": "SCALANCE M-800",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V4.3 and < V6.4"
      }
    ]
  },
  {
    "product": "SCALANCE S615",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V4.3 and < V6.4"
      }
    ]
  },
  {
    "product": "SCALANCE SC-600 Family",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.0 and < V2.1.3"
      }
    ]
  },
  {
    "product": "SCALANCE XB-200",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.1"
      }
    ]
  },
  {
    "product": "SCALANCE XC-200",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.1"
      }
    ]
  },
  {
    "product": "SCALANCE XF-200BA",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.1"
      }
    ]
  },
  {
    "product": "SCALANCE XM400",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V6.2"
      }
    ]
  },
  {
    "product": "SCALANCE XP-200",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.1"
      }
    ]
  },
  {
    "product": "SCALANCE XR-300WG",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.1"
      }
    ]
  },
  {
    "product": "SCALANCE XR500",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V6.2"
      }
    ]
  }
]