CVE-2021-37182

Summary

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Affected Software

VendorProductVersion RangeStatus
SiemensSCALANCE XM408-4CAll versions < V6.5affected
SiemensSCALANCE XM408-4C (L3 int.)All versions < V6.5affected
SiemensSCALANCE XM408-8CAll versions < V6.5affected
SiemensSCALANCE XM408-8C (L3 int.)All versions < V6.5affected
SiemensSCALANCE XM416-4CAll versions < V6.5affected
SiemensSCALANCE XM416-4C (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR524-8C, 1x230VAll versions < V6.5affected
SiemensSCALANCE XR524-8C, 1x230V (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR524-8C, 24VAll versions < V6.5affected
SiemensSCALANCE XR524-8C, 24V (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR524-8C, 2x230VAll versions < V6.5affected
SiemensSCALANCE XR524-8C, 2x230V (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR526-8C, 1x230VAll versions < V6.5affected
SiemensSCALANCE XR526-8C, 1x230V (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR526-8C, 24VAll versions < V6.5affected
SiemensSCALANCE XR526-8C, 24V (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR526-8C, 2x230VAll versions < V6.5affected
SiemensSCALANCE XR526-8C, 2x230V (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR528-6MAll versions < V6.5affected
SiemensSCALANCE XR528-6M (2HR2)All versions < V6.5affected
SiemensSCALANCE XR528-6M (2HR2, L3 int.)All versions < V6.5affected
SiemensSCALANCE XR528-6M (L3 int.)All versions < V6.5affected
SiemensSCALANCE XR552-12MAll versions < V6.5affected
SiemensSCALANCE XR552-12M (2HR2)All versions < V6.5affected
SiemensSCALANCE XR552-12M (2HR2)All versions < V6.5affected
SiemensSCALANCE XR552-12M (2HR2, L3 int.)All versions < V6.5affected

Weaknesses

  • CWE-354: CWE-354: Improper Validation of Integrity Check Value

ADP Enrichment

CVE Program Container

Additional References

References