Vulnerability Details CVE-2021-25667
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
Products affected by CVE-2021-25667
-
cpe:2.3:h:siemens:ruggedcom_rm1224:-
-
cpe:2.3:h:siemens:scalance_m-800:-
-
cpe:2.3:h:siemens:scalance_s615:-
-
cpe:2.3:h:siemens:scalance_sc622-2c:-
-
cpe:2.3:h:siemens:scalance_sc632-2c:-
-
cpe:2.3:h:siemens:scalance_sc636-2c:-
-
cpe:2.3:h:siemens:scalance_sc642-2c:-
-
cpe:2.3:h:siemens:scalance_sc646-2c:-
-
cpe:2.3:h:siemens:scalance_x300wg:-
-
cpe:2.3:h:siemens:scalance_xb-200:-
-
cpe:2.3:h:siemens:scalance_xc-200:-
-
cpe:2.3:h:siemens:scalance_xf-200ba:-
-
cpe:2.3:h:siemens:scalance_xm400:-
-
cpe:2.3:h:siemens:scalance_xp-200:-
-
cpe:2.3:h:siemens:scalance_xr500:-
-
cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:4.3
-
cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:4.6
-
cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:5.0
-
cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:6.1
-
cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:6.3
-
cpe:2.3:o:siemens:scalance_m-800_firmware:4.03
-
cpe:2.3:o:siemens:scalance_m-800_firmware:4.3
-
cpe:2.3:o:siemens:scalance_m-800_firmware:4.6
-
cpe:2.3:o:siemens:scalance_m-800_firmware:5.0
-
cpe:2.3:o:siemens:scalance_m-800_firmware:6.1
-
cpe:2.3:o:siemens:scalance_m-800_firmware:6.1.2
-
cpe:2.3:o:siemens:scalance_m-800_firmware:6.2
-
cpe:2.3:o:siemens:scalance_m-800_firmware:6.3
-
cpe:2.3:o:siemens:scalance_s615_firmware:4.03
-
cpe:2.3:o:siemens:scalance_s615_firmware:4.3
-
cpe:2.3:o:siemens:scalance_s615_firmware:4.6
-
cpe:2.3:o:siemens:scalance_s615_firmware:5.0
-
cpe:2.3:o:siemens:scalance_s615_firmware:6.1
-
cpe:2.3:o:siemens:scalance_s615_firmware:6.1.2
-
cpe:2.3:o:siemens:scalance_s615_firmware:6.2
-
cpe:2.3:o:siemens:scalance_s615_firmware:6.3
-
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*
-
cpe:2.3:o:siemens:scalance_sc622-2c_firmware:-
-
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*
-
cpe:2.3:o:siemens:scalance_sc632-2c_firmware:-
-
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*
-
cpe:2.3:o:siemens:scalance_sc636-2c_firmware:-
-
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*
-
cpe:2.3:o:siemens:scalance_sc642-2c_firmware:-
-
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*
-
cpe:2.3:o:siemens:scalance_sc646-2c_firmware:-
-
cpe:2.3:o:siemens:scalance_x300wg_firmware:*
-
cpe:2.3:o:siemens:scalance_xb-200_firmware:-
-
cpe:2.3:o:siemens:scalance_xb-200_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xc-200_firmware:-
-
cpe:2.3:o:siemens:scalance_xc-200_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xf-200ba_firmware:-
-
cpe:2.3:o:siemens:scalance_xf-200ba_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xm400_firmware:-
-
cpe:2.3:o:siemens:scalance_xm400_firmware:6.1
-
cpe:2.3:o:siemens:scalance_xp-200_firmware:-
-
cpe:2.3:o:siemens:scalance_xp-200_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xr500_firmware:-
-
cpe:2.3:o:siemens:scalance_xr500_firmware:6.1