CVE-2021-25667

Summary

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Affected Software

VendorProductVersion RangeStatus
SiemensRUGGEDCOM RM1224All versions >= V4.3 and < V6.4affected
SiemensSCALANCE M-800All versions >= V4.3 and < V6.4affected
SiemensSCALANCE S615All versions >= V4.3 and < V6.4affected
SiemensSCALANCE SC-600 FamilyAll versions >= V2.0 and < V2.1.3affected
SiemensSCALANCE XB-200All versions < V4.1affected
SiemensSCALANCE XC-200All versions < V4.1affected
SiemensSCALANCE XF-200BAAll versions < V4.1affected
SiemensSCALANCE XM400All versions < V6.2affected
SiemensSCALANCE XP-200All versions < V4.1affected
SiemensSCALANCE XR-300WGAll versions < V4.1affected
SiemensSCALANCE XR500All versions < V6.2affected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References