Denial of Service Vulnerability in Capital Embedded AR Classic by Siemens
CVE-2021-31882

6.5 MEDIUM

Summary

The DHCP client application of Siemens' Capital Embedded AR Classic does not properly validate the length of the Domain Name Server (DNS) IP option(s) in DHCP ACK packets. An attacker can exploit this to cause Denial of Service (DoS) conditions that disrupt the normal operation of affected systems. Users of Capital Embedded AR Classic, especially those on versions 431-422 and R20-11 prior to V2303, should take immediate action to mitigate the risk.
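The length check this class of bug omits, shown as an added example (not Siemens' code and not taken from the advisory): a DHCP option walker that accepts the DNS option (code 6) only when its length fits inside the packet and is a non-zero multiple of 4, as RFC 2132 requires. The function name, the `MAX_DNS` capacity and the sample packet bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD 0
#define OPT_DNS 6
#define OPT_END 255
#define MAX_DNS 4   /* assumed capacity of the client's resolver table */

/* Walks the options field of a DHCP ACK (the bytes after the magic cookie)
 * and copies option 6 addresses into out[]. Returns the number of servers
 * stored, or -1 if the options are malformed. */
int parse_dns_option(const uint8_t *opts, size_t opts_len,
                     uint8_t out[MAX_DNS][4])
{
    size_t i = 0;
    int count = 0;

    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) return count;
        if (i >= opts_len) return -1;          /* length byte is missing */
        uint8_t len = opts[i++];
        if (len > opts_len - i) return -1;     /* value runs past the packet */
        if (code == OPT_DNS) {
            /* RFC 2132 section 3.8: at least 4 bytes, always a multiple of 4 */
            if (len < 4 || len % 4 != 0) return -1;
            for (size_t off = 0; off < len && count < MAX_DNS; off += 4)
                memcpy(out[count++], opts + i + off, 4);  /* extras are dropped */
        }
        i += len;
    }
    return -1;  /* no End option: treat the packet as truncated */
}

int main(void)
{
    /* Constructed sample: message type ACK, two DNS servers, End. */
    const uint8_t ack[] = {53, 1, 5, 6, 8, 192, 0, 2, 1, 192, 0, 2, 2, 255};
    uint8_t dns[MAX_DNS][4];
    int n = parse_dns_option(ack, sizeof ack, dns);
    printf("accepted %d DNS server(s)\n", n);
    return n == 2 ? 0 : 1;
}
```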

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved