CVE-2021-25667
Description
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| siemens | ruggedcom_rm1224 | - | |
| siemens | scalance_m-800 | - | |
| siemens | scalance_s615 | - | |
| siemens | scalance_x300wg | - | |
| siemens | scalance_xm400 | - | |
| siemens | scalance_xr500 | - | |
| siemens | scalance_sc622-2c | - | |
| siemens | scalance_sc632-2c | - | |
| siemens | scalance_sc636-2c | - | |
| siemens | scalance_sc642-2c | - | |
| siemens | scalance_sc646-2c | - | |
| siemens | scalance_xb-200 | - | |
| siemens | scalance_xc-200 | - | |
| siemens | scalance_xf-200ba | - | |
| siemens | scalance_xp-200 | - | |
References
CWEs
CWE-121 CWE-787