IPv6 Header Processing Vulnerability in Siemens Capital VSTAR and Nucleus Products
CVE-2021-25663

7.5 HIGH

Summary

A vulnerability has been reported in Siemens Capital VSTAR and other Nucleus products that affects the processing of IPv6 headers. The affected code does not properly validate the lengths of extension header options. By crafting malicious length values, an attacker can cause the function that processes these headers to enter an infinite loop, resulting in denial of service on affected systems.
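The check this class of bug calls for, as an added example that is not Siemens or Nucleus code (the affected function is not shown on this page): a generic walker for the options of an IPv6 Hop-by-Hop or Destination Options header, using the RFC 8200 layout, that bounds every option length against the header and always advances. The function name `walk_ext_options` and the sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD1 0u  /* RFC 8200: Pad1 is a single octet with no length field */

/* Walk the TLV options of an IPv6 Hop-by-Hop or Destination Options header.
 * hdr   points at the extension header's Next Header octet.
 * avail is the number of bytes actually received from that point.
 * Returns the number of options seen, or -1 if the header is malformed. */
int walk_ext_options(const uint8_t *hdr, size_t avail)
{
    if (hdr == NULL || avail < 8)
        return -1;                      /* minimum extension header is 8 octets */

    /* Hdr Ext Len counts 8-octet units beyond the first 8 octets. */
    size_t hdr_len = ((size_t)hdr[1] + 1) * 8;
    if (hdr_len > avail)
        return -1;                      /* header claims more than was received */

    size_t off = 2;                     /* options start after the two fixed octets */
    int count = 0;

    while (off < hdr_len) {
        if (hdr[off] == OPT_PAD1) {     /* one octet, always advances */
            off += 1;
            count++;
            continue;
        }
        if (hdr_len - off < 2)
            return -1;                  /* no room for the Opt Data Len octet */

        size_t opt_len = hdr[off + 1];
        if (opt_len > hdr_len - off - 2)
            return -1;                  /* option data runs past the header */

        off += 2 + opt_len;             /* bounded by hdr_len, so off only grows */
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples: PadN with a valid length, then an oversized one. */
    const uint8_t good[8] = {59, 0, 1, 4, 0, 0, 0, 0};
    const uint8_t bad[8]  = {59, 0, 1, 200, 0, 0, 0, 0};
    printf("good=%d bad=%d\n", walk_ext_options(good, 8), walk_ext_options(bad, 8));
    return 0;
}
```

Rejecting the header as soon as a length is inconsistent means the loop terminates on every input, because each iteration either returns or moves `off` closer to `hdr_len`.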

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

Nucleus NET All versions

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
