CVE-2021-25667: Buffer Overflow
First published: Mon Mar 15 2021(Updated: )
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Scalance Xr-300wg | <4.1 | 4.1 |
| Siemens Scalance Xb-200 | <4.1 | 4.1 |
| Siemens Scalance Xc-200 | <4.1 | 4.1 |
| Siemens Scalance Xf-200ba | <4.1 | 4.1 |
| Siemens SCALANCE XP-200 | <4.1 | 4.1 |
| Siemens Ruggedcom Rm1224 Firmware | >=4.3<6.4 | |
| Siemens RUGGEDCOM RM1224 | ||
| Siemens Scalance M-800 Firmware | >=4.3<6.4 | |
| Siemens SCALANCE M-800 | ||
| Siemens Scalance S615 Firmware | >=4.3<6.4 | |
| Siemens SCALANCE S615 | ||
| Siemens Scalance X300wg Firmware | <4.1 | |
| Siemens Scalance X300wg | ||
| Siemens Scalance Xm400 Firmware | <6.2 | |
| Siemens Scalance Xm400 | ||
| Siemens Scalance Xr500 Firmware | <6.2 | |
| Siemens Scalance Xr500 | ||
| Siemens Scalance Sc622-2c Firmware | <=2.0 | |
| Siemens Scalance Sc622-2c Firmware | >=2.1<2.1.3 | |
| Siemens Scalance Sc622-2c | ||
| Siemens Scalance Sc632-2c Firmware | <=2.0 | |
| Siemens Scalance Sc632-2c Firmware | >=2.1<2.1.3 | |
| Siemens Scalance Sc632-2c | ||
| Siemens Scalance Sc636-2c Firmware | <=2.0 | |
| Siemens Scalance Sc636-2c Firmware | >=2.1<2.1.3 | |
| Siemens Scalance Sc636-2c | ||
| Siemens Scalance Sc642-2c Firmware | <=2.0 | |
| Siemens Scalance Sc642-2c Firmware | >=2.1<2.1.3 | |
| Siemens Scalance Sc642-2c | ||
| Siemens Scalance Sc646-2c Firmware | <=2.0 | |
| Siemens Scalance Sc646-2c Firmware | >=2.1<2.1.3 | |
| Siemens Scalance Sc646-2c | ||
| Siemens Scalance Xb-200 Firmware | <4.1 | |
| Siemens SCALANCE XB-200 | ||
| Siemens Scalance Xc-200 Firmware | <4.1 | |
| Siemens SCALANCE XC-200 | ||
| Siemens Scalance Xf-200ba Firmware | <4.1 | |
| Siemens SCALANCE XF-200BA | ||
| Siemens Scalance Xp-200 Firmware | <4.1 | |
| Siemens SCALANCE XP-200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-25667.
What software is affected by this vulnerability?
The RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, SCALANCE SC-600 Family, SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200ba, and SCALANCE XP-200 are affected by this vulnerability.
What is the severity of CVE-2021-25667?
The severity of CVE-2021-25667 is high, with a CVSS score of 8.8.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-119, CWE-121, and CWE-787.
Are there any resources for more information about this vulnerability?
Yes, you can find more information about this vulnerability in the Siemens Product CERT document and the US-CERT advisory.
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/event
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/siemens
- canonical/siemens ruggedcom rm1224 firmware
- version/siemens ruggedcom rm1224 firmware/4.3
- canonical/siemens ruggedcom rm1224
- canonical/siemens scalance m-800 firmware
- version/siemens scalance m-800 firmware/4.3
- canonical/siemens scalance m-800
- canonical/siemens scalance s615 firmware
- version/siemens scalance s615 firmware/4.3
- canonical/siemens scalance s615
- canonical/siemens scalance x300wg firmware
- canonical/siemens scalance x300wg
- canonical/siemens scalance xm400 firmware
- canonical/siemens scalance xm400
- canonical/siemens scalance xr500 firmware
- canonical/siemens scalance xr500
- canonical/siemens scalance sc622-2c firmware
- version/siemens scalance sc622-2c firmware/2.0
- version/siemens scalance sc622-2c firmware/2.1
- canonical/siemens scalance sc622-2c
- canonical/siemens scalance sc632-2c firmware
- version/siemens scalance sc632-2c firmware/2.0
- version/siemens scalance sc632-2c firmware/2.1
- canonical/siemens scalance sc632-2c
- canonical/siemens scalance sc636-2c firmware
- version/siemens scalance sc636-2c firmware/2.0
- version/siemens scalance sc636-2c firmware/2.1
- canonical/siemens scalance sc636-2c
- canonical/siemens scalance sc642-2c firmware
- version/siemens scalance sc642-2c firmware/2.0
- version/siemens scalance sc642-2c firmware/2.1
- canonical/siemens scalance sc642-2c
- canonical/siemens scalance sc646-2c firmware
- version/siemens scalance sc646-2c firmware/2.0
- version/siemens scalance sc646-2c firmware/2.1
- canonical/siemens scalance sc646-2c
- canonical/siemens scalance xb-200 firmware
- canonical/siemens scalance xb-200
- canonical/siemens scalance xc-200 firmware
- canonical/siemens scalance xc-200
- canonical/siemens scalance xf-200ba firmware
- canonical/siemens scalance xf-200ba
- canonical/siemens scalance xp-200 firmware
- canonical/siemens scalance xp-200
- canonical/siemens scalance xr-300wg