IPv6 Header Processing Vulnerability in Siemens Capital VSTAR and Nucleus Products
CVE-2021-25663
7.5HIGH
Key Information:
- Vendor
- Siemens
- Status
- Vendor
- CVE Published:
- 22 April 2021
Summary
A vulnerability has been reported in Siemens Capital VSTAR and other Nucleus products that affects the processing of IPv6 headers. Specifically, the issue arises from the lack of proper validation of extension header option lengths, potentially allowing an attacker to exploit this weakness. By crafting malicious length values, an attacker can cause the function that processes these headers to enter an infinite loop, which could lead to denial of service and disruption of service availability across affected systems.
Affected Version(s)
Capital Embedded AR Classic 431-422 0
Capital Embedded AR Classic R20-11 0
Nucleus NET All versions
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved