ID

VAR-202103-0982


CVE

CVE-2021-25667


TITLE

Out-of-bounds write vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2021-004470

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. Multiple Siemens products contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobile networks (such as GPRS or UMTS). They have an integrated firewall to prevent unauthorized access, and a VPN can protect data transmission. SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI). RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G) mobile radio. Siemens SCALANCE and RUGGEDCOM devices have stack overflow vulnerabilities.

Trust: 2.25

sources: NVD: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-16434

AFFECTED PRODUCTS

vendor: siemens, model: scalance m-800, scope: gte, version: 4.3

Trust: 1.6

vendor: siemens, model: scalance s615, scope: gte, version: 4.3

Trust: 1.6

vendor: siemens, model: scalance xm400, scope: lt, version: 6.2

Trust: 1.6

vendor: siemens, model: scalance xr500, scope: lt, version: 6.2

Trust: 1.6

vendor: siemens, model: ruggedcom rm1224, scope: gte, version: 4.3

Trust: 1.6

vendor: siemens, model: scalance x300wg, scope: lt, version: 4.1

Trust: 1.6

vendor: siemens, model: scalance sc622-2c, scope: lt, version: 2.1.3

Trust: 1.0

vendor: siemens, model: scalance sc636-2c, scope: lt, version: 2.1.3

Trust: 1.0

vendor: siemens, model: scalance sc632-2c, scope: gte, version: 2.1

Trust: 1.0

vendor: siemens, model: scalance sc646-2c, scope: lt, version: 2.1.3

Trust: 1.0

vendor: siemens, model: scalance sc636-2c, scope: lte, version: 2.0

Trust: 1.0

vendor: siemens, model: scalance sc622-2c, scope: lte, version: 2.0

Trust: 1.0

vendor: siemens, model: scalance xc-200, scope: lt, version: 4.1

Trust: 1.0

vendor: siemens, model: scalance sc646-2c, scope: gte, version: 2.1

Trust: 1.0

vendor: siemens, model: scalance xf-200ba, scope: lt, version: 4.1

Trust: 1.0

vendor: siemens, model: scalance m-800, scope: lt, version: 6.4

Trust: 1.0

vendor: siemens, model: ruggedcom rm1224, scope: lt, version: 6.4

Trust: 1.0

vendor: siemens, model: scalance sc642-2c, scope: lt, version: 2.1.3

Trust: 1.0

vendor: siemens, model: scalance xp-200, scope: lt, version: 4.1

Trust: 1.0

vendor: siemens, model: scalance xb-200, scope: lt, version: 4.1

Trust: 1.0

vendor: siemens, model: scalance sc632-2c, scope: lt, version: 2.1.3

Trust: 1.0

vendor: siemens, model: scalance sc642-2c, scope: gte, version: 2.1

Trust: 1.0

vendor: siemens, model: scalance sc646-2c, scope: lte, version: 2.0

Trust: 1.0

vendor: siemens, model: scalance sc642-2c, scope: lte, version: 2.0

Trust: 1.0

vendor: siemens, model: scalance s615, scope: lt, version: 6.4

Trust: 1.0

vendor: siemens, model: scalance sc632-2c, scope: lte, version: 2.0

Trust: 1.0

vendor: siemens, model: scalance sc636-2c, scope: gte, version: 2.1

Trust: 1.0

vendor: siemens, model: scalance sc622-2c, scope: gte, version: 2.1

Trust: 1.0

vendor: Siemens, model: scalance sc-646-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-622-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance xm400, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance s615, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance m-800, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-642-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: ruggedcom rm1224, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-632-2c, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance xr500, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: scalance sc-636-2c, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance sc-600 family, scope: gte, version: 2.0,<2.1.3

Trust: 0.6

vendor: siemens, model: scalance family, scope: eq, version: xx200<4.1

Trust: 0.6

sources: CNVD: CNVD-2021-16434 // JVNDB: JVNDB-2021-004470 // NVD: CVE-2021-25667

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-25667
value: HIGH

Trust: 1.0

NVD: CVE-2021-25667
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-16434
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202103-683
value: HIGH

Trust: 0.6

VULMON: CVE-2021-25667
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-25667
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-16434
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-25667
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-25667
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683 // NVD: CVE-2021-25667

PROBLEMTYPE DATA

problemtype: CWE-121

Trust: 1.0

problemtype: CWE-787

Trust: 1.0

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004470 // NVD: CVE-2021-25667

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-683

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-683

PATCH

title: SSA-979775, url: https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf

Trust: 0.8

title: Siemens RUGGEDCOM RM1224 Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144543

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=02a3bef451a548084110a18d27dea153

Trust: 0.1

title: -, url: https://github.com/Live-Hack-CVE/CVE-2021-25667

Trust: 0.1

title: Threatpost, url: https://threatpost.com/namewreck-bugs-businesses/165385/

Trust: 0.1

sources: VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683

EXTERNAL IDS

db: NVD, id: CVE-2021-25667

Trust: 3.1

db: ICS CERT, id: ICSA-21-068-03

Trust: 2.5

db: SIEMENS, id: SSA-979775

Trust: 2.3

db: JVN, id: JVNVU93441670

Trust: 0.8

db: JVNDB, id: JVNDB-2021-004470

Trust: 0.8

db: CNVD, id: CNVD-2021-16434

Trust: 0.6

db: AUSCERT, id: ESB-2021.0846

Trust: 0.6

db: CNNVD, id: CNNVD-202103-683

Trust: 0.6

db: VULMON, id: CVE-2021-25667

Trust: 0.1

sources: CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683 // NVD: CVE-2021-25667

REFERENCES

url: https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03

Trust: 3.1

url: https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2021-25667

Trust: 1.4

url: https://jvn.jp/vu/jvnvu93441670/

Trust: 0.8

url: https://vigilance.fr/vulnerability/siemens-ruggedcom-rm1224-buffer-overflow-via-stp-bpdu-frames-34782

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.0846

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/121.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2021-25667

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/namewreck-bugs-businesses/165385/

Trust: 0.1

url: https://cert-portal.siemens.com/productcert/txt/ssa-979775.txt

Trust: 0.1

sources: CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683 // NVD: CVE-2021-25667

SOURCES

db: CNVD, id: CNVD-2021-16434
db: VULMON, id: CVE-2021-25667
db: JVNDB, id: JVNDB-2021-004470
db: CNNVD, id: CNNVD-202103-683
db: NVD, id: CVE-2021-25667

LAST UPDATE DATE

2024-08-14T12:38:21.061000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-16434, date: 2021-03-23T00:00:00
db: VULMON, id: CVE-2021-25667, date: 2022-10-19T00:00:00
db: JVNDB, id: JVNDB-2021-004470, date: 2021-11-22T09:03:00
db: CNNVD, id: CNNVD-202103-683, date: 2021-04-23T00:00:00
db: NVD, id: CVE-2021-25667, date: 2022-10-19T19:26:06.117

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-16434, date: 2021-03-11T00:00:00
db: VULMON, id: CVE-2021-25667, date: 2021-03-15T00:00:00
db: JVNDB, id: JVNDB-2021-004470, date: 2021-11-22T00:00:00
db: CNNVD, id: CNNVD-202103-683, date: 2021-03-09T00:00:00
db: NVD, id: CVE-2021-25667, date: 2021-03-15T17:15:21.690