CVE-2021-25667

8.8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224; Scalance M-800; Scalance S615; Scalance Sc-600 Family
Vendor: CVE Published:; 15 March 2021

Summary

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Affected Version(s)

RUGGEDCOM RM1224 All versions >= V4.3 and < V6.4

SCALANCE M-800 All versions >= V4.3 and < V6.4

SCALANCE S615 All versions >= V4.3 and < V6.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-97977...

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03

x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2021
Vulnerability Reserved
Jan 21, 2021