Remote Device Reboot Vulnerability in RUGGEDCOM and SCALANCE Products
CVE-2021-25676

7.5HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224; Scalance M-800; Scalance S615; Scalance Sc-600
Vendor: CVE Published:; 15 March 2021

Summary

A vulnerability exists in several Siemens devices where multiple unsuccessful SSH authentication attempts can lead to a temporary Denial-of-Service condition. This issue causes the affected device to automatically reboot, disrupting normal operations. This can occur under specific circumstances and impacts the reliability and availability of the devices in a networked environment.

Affected Version(s)

RUGGEDCOM RM1224 V6.3

SCALANCE M-800 V6.3

SCALANCE S615 V6.3

References

https://cert-portal.siemens.com/productcert/pdf/ssa-29626...

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-068-02

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 15, 2021
Vulnerability Reserved
Jan 21, 2021