Denial-of-Service Vulnerability in Capital Embedded AR Classic by Siemens
CVE-2021-31881
7.5HIGH
Key Information:
- Vendor
- Siemens
- Vendor
- CVE Published:
- 9 November 2021
Summary
A vulnerability exists in the Capital Embedded AR Classic software due to inadequate validation during the processing of DHCP OFFER messages. Specifically, the DHCP client fails to validate the length of Vendor option(s), which can result in Denial-of-Service conditions, potentially making the application unresponsive. This affects all versions of Capital Embedded AR Classic 431-422 and versions of Capital Embedded AR Classic R20-11 prior to V2303.
Affected Version(s)
Capital Embedded AR Classic 431-422 0
Capital Embedded AR Classic R20-11 0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved