CVE-2021-25663

Summary

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.

Affected Software

VendorProductVersion RangeStatus
SiemensCapital Embedded AR Classic 431-4220 < *affected
SiemensCapital Embedded AR Classic R20-110 < V2303affected
SiemensNucleus NETAll versionsaffected
SiemensNucleus ReadyStart V30 < V2017.02.4affected
SiemensNucleus ReadyStart V40 < V4.1.0affected
SiemensNucleus Source Code0 < *affected

Weaknesses

  • CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CVE Program Container

Additional References

References