Denial-of-Service Vulnerability in Capital Embedded AR Classic by Siemens
CVE-2021-31881

7.1HIGH

Key Information:

Vendor

Siemens
Status
Capital Embedded Ar Classic 431-422
Capital Embedded Ar Classic R20-11
Vendor
CVE Published:
9 November 2021

What is CVE-2021-31881?

A vulnerability exists in the Capital Embedded AR Classic software due to inadequate validation during the processing of DHCP OFFER messages. Specifically, the DHCP client fails to validate the length of Vendor option(s), which can result in Denial-of-Service conditions, potentially making the application unresponsive. This affects all versions of Capital Embedded AR Classic 431-422 and versions of Capital Embedded AR Classic R20-11 prior to V2303.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-11458...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-04411...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-62028...
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.