IPv6 Header Processing Vulnerability in Siemens Capital VSTAR and Nucleus Products
CVE-2021-25663

8.7HIGH

Key Information:

Vendor: Siemens
Status: Capital Embedded Ar Classic 431-422; Capital Embedded Ar Classic R20-11; Nucleus Net; Nucleus Readystart V3
Vendor: CVE Published:; 22 April 2021

What is CVE-2021-25663?

A vulnerability has been reported in Siemens Capital VSTAR and other Nucleus products that affects the processing of IPv6 headers. Specifically, the issue arises from the lack of proper validation of extension header option lengths, potentially allowing an attacker to exploit this weakness. By crafting malicious length values, an attacker can cause the function that processes these headers to enter an infinite loop, which could lead to denial of service and disruption of service availability across affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

Nucleus NET All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-24828...

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05

x_refsource_CONFIRM

https://cert-portal.siemens.com/productcert/html/ssa-2482...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Jan 21, 2021

JSON

Siemens

What is CVE-2021-25663?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.