Denial of Service Vulnerability in Capital Embedded AR Classic by Siemens
CVE-2021-31882

6.5MEDIUM

Key Information:

Vendor

Siemens
Status
Capital Embedded Ar Classic 431-422
Capital Embedded Ar Classic R20-11
Vendor
CVE Published:
9 November 2021

What is CVE-2021-31882?

A significant vulnerability exists in the DHCP client application of Siemens' Capital Embedded AR Classic. It fails to appropriately validate the length of Domain Name Server (DNS) IP option(s) within DHCP ACK packets. This oversight can allow attackers to exploit the vulnerability, potentially causing Denial of Service (DoS) conditions that disrupt the normal operation of the affected systems. Users of Capital Embedded AR Classic, especially those on versions 431-422 and R20-11 prior to V2303, should take immediate action to mitigate potential risks associated with this security gap.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Capital Embedded AR Classic 431-422 0

Capital Embedded AR Classic R20-11 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-11458...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-04411...
x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-62028...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.