8.8
CWE
121 787 119
Advisory Published
Updated

CVE-2021-25667: Buffer Overflow

First published: Mon Mar 15 2021(Updated: )

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Credit: productcert@siemens.com

Affected SoftwareAffected VersionHow to fix
Siemens Scalance Xr-300wg<4.1
4.1
Siemens Scalance Xb-200<4.1
4.1
Siemens Scalance Xc-200<4.1
4.1
Siemens Scalance Xf-200ba<4.1
4.1
Siemens SCALANCE XP-200<4.1
4.1
Siemens Ruggedcom Rm1224 Firmware>=4.3<6.4
Siemens RUGGEDCOM RM1224
Siemens Scalance M-800 Firmware>=4.3<6.4
Siemens SCALANCE M-800
Siemens Scalance S615 Firmware>=4.3<6.4
Siemens SCALANCE S615
Siemens Scalance X300wg Firmware<4.1
Siemens Scalance X300wg
Siemens Scalance Xm400 Firmware<6.2
Siemens Scalance Xm400
Siemens Scalance Xr500 Firmware<6.2
Siemens Scalance Xr500
Siemens Scalance Sc622-2c Firmware<=2.0
Siemens Scalance Sc622-2c Firmware>=2.1<2.1.3
Siemens Scalance Sc622-2c
Siemens Scalance Sc632-2c Firmware<=2.0
Siemens Scalance Sc632-2c Firmware>=2.1<2.1.3
Siemens Scalance Sc632-2c
Siemens Scalance Sc636-2c Firmware<=2.0
Siemens Scalance Sc636-2c Firmware>=2.1<2.1.3
Siemens Scalance Sc636-2c
Siemens Scalance Sc642-2c Firmware<=2.0
Siemens Scalance Sc642-2c Firmware>=2.1<2.1.3
Siemens Scalance Sc642-2c
Siemens Scalance Sc646-2c Firmware<=2.0
Siemens Scalance Sc646-2c Firmware>=2.1<2.1.3
Siemens Scalance Sc646-2c
Siemens Scalance Xb-200 Firmware<4.1
Siemens SCALANCE XB-200
Siemens Scalance Xc-200 Firmware<4.1
Siemens SCALANCE XC-200
Siemens Scalance Xf-200ba Firmware<4.1
Siemens SCALANCE XF-200BA
Siemens Scalance Xp-200 Firmware<4.1
Siemens SCALANCE XP-200

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is CVE-2021-25667.

  • What software is affected by this vulnerability?

    The RUGGEDCOM RM1224, SCALANCE M-800, SCALANCE S615, SCALANCE SC-600 Family, SCALANCE XB-200, SCALANCE XC-200, SCALANCE XF-200ba, and SCALANCE XP-200 are affected by this vulnerability.

  • What is the severity of CVE-2021-25667?

    The severity of CVE-2021-25667 is high, with a CVSS score of 8.8.

  • What is the CWE ID for this vulnerability?

    The CWE ID for this vulnerability is CWE-119, CWE-121, and CWE-787.

  • Are there any resources for more information about this vulnerability?

    Yes, you can find more information about this vulnerability in the Siemens Product CERT document and the US-CERT advisory.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203