Denial-of-Service Vulnerability in Capital Embedded AR Classic by Siemens
CVE-2021-31883
7.1 HIGH
Key Information:
- Vendor: Siemens
- CVE Published: 9 November 2021
Summary
A vulnerability has been identified in Capital Embedded AR Classic products, affecting versions 431-422 and R20-11 prior to V2303. When processing DHCP ACK messages, the DHCP client does not properly validate the length of the Vendor option(s). This may lead to Denial-of-Service conditions, potentially disrupting the availability of network services. Users and organizations running the affected versions are advised to assess their systems and apply best practices to mitigate associated risks.
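The summary above describes a missing length check on the Vendor option(s) of a DHCP ACK. The following C example is added here for illustration and is not Siemens code or code from the affected product; it shows the bounds checks a DHCP client needs when walking the options field defined in RFC 2132. The function name `walk_options`, the sample byte arrays, and the treatment of option 43 as encapsulated sub-options are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD    0
#define OPT_VENDOR 43   /* Vendor-Specific Information (RFC 2132, section 8.4) */
#define OPT_END    255

/* Walk a code/length/value sequence. Returns 0 if every option fits inside
 * [p, p+len), -1 on any length that would read or copy out of bounds.
 * Assumption: option 43 carries encapsulated sub-options in the same syntax. */
static int walk_options(const uint8_t *p, size_t len, int nested,
                        uint8_t *vendor, size_t cap, size_t *vendor_len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = p[i++];
        if (code == OPT_PAD) continue;          /* single byte, no length */
        if (code == OPT_END) return 0;
        if (i >= len) return -1;                /* length byte is missing */
        size_t olen = p[i++];
        if (olen > len - i) return -1;          /* value runs past the buffer */
        if (!nested && code == OPT_VENDOR) {
            if (olen > cap) return -1;          /* would overflow destination */
            if (walk_options(p + i, olen, 1, NULL, 0, NULL) != 0) return -1;
            memcpy(vendor, p + i, olen);
            *vendor_len = olen;
        }
        i += olen;
    }
    return 0;   /* lenient: a missing End option is tolerated */
}

/* Constructed sample option fields (the bytes after the DHCP magic cookie). */
static const uint8_t ack_ok[]        = {53, 1, 5, 43, 4, 1, 2, 0xAA, 0xBB, 255};
static const uint8_t ack_bad_outer[] = {53, 1, 5, 43, 200, 1, 2, 0xAA, 0xBB, 255};
static const uint8_t ack_bad_inner[] = {53, 1, 5, 43, 4, 1, 9, 0xAA, 0xBB, 255};

int main(void)
{
    uint8_t vendor[64];
    size_t n = 0;
    printf("ok=%d ", walk_options(ack_ok, sizeof ack_ok, 0, vendor, sizeof vendor, &n));
    printf("outer=%d ", walk_options(ack_bad_outer, sizeof ack_bad_outer, 0, vendor, sizeof vendor, &n));
    printf("inner=%d\n", walk_options(ack_bad_inner, sizeof ack_bad_inner, 0, vendor, sizeof vendor, &n));
    return 0;
}
```

A client that rejects the whole ACK on a `-1` result drops the malformed message instead of acting on a length field it cannot trust.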
Affected Version(s)
Capital Embedded AR Classic 431-422 0
Capital Embedded AR Classic R20-11 0
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved