Details of VAR-202103-0982

ID

VAR-202103-0982

CVE

CVE-2021-25667

TITLE

plural Siemens Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-004470

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. plural Siemens The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI). RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio. Siemens SCALANCE and RuggedCmd devices have stack overflow vulnerabilities

Trust: 2.25

sources: NVD: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-16434

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance m-800	scope:	gte	version:	4.3	Trust: 1.6
vendor:	siemens	model:	scalance s615	scope:	gte	version:	4.3	Trust: 1.6
vendor:	siemens	model:	scalance xm400	scope:	lt	version:	6.2	Trust: 1.6
vendor:	siemens	model:	scalance xr500	scope:	lt	version:	6.2	Trust: 1.6
vendor:	siemens	model:	ruggedcom rm1224	scope:	gte	version:	4.3	Trust: 1.6
vendor:	siemens	model:	scalance x300wg	scope:	lt	version:	4.1	Trust: 1.6
vendor:	siemens	model:	scalance sc622-2c	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	gte	version:	2.1	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	lte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	lte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	scalance xc-200	scope:	lt	version:	4.1	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	gte	version:	2.1	Trust: 1.0
vendor:	siemens	model:	scalance xf-200ba	scope:	lt	version:	4.1	Trust: 1.0
vendor:	siemens	model:	scalance m-800	scope:	lt	version:	6.4	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224	scope:	lt	version:	6.4	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	siemens	model:	scalance xp-200	scope:	lt	version:	4.1	Trust: 1.0
vendor:	siemens	model:	scalance xb-200	scope:	lt	version:	4.1	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	gte	version:	2.1	Trust: 1.0
vendor:	siemens	model:	scalance sc646-2c	scope:	lte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	scalance sc642-2c	scope:	lte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	lt	version:	6.4	Trust: 1.0
vendor:	siemens	model:	scalance sc632-2c	scope:	lte	version:	2.0	Trust: 1.0
vendor:	siemens	model:	scalance sc636-2c	scope:	gte	version:	2.1	Trust: 1.0
vendor:	siemens	model:	scalance sc622-2c	scope:	gte	version:	2.1	Trust: 1.0
vendor:	シーメンス	model:	scalance sc-646-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-622-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xm400	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance s615	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance m-800	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-642-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rm1224	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-632-2c	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance xr500	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	scalance sc-636-2c	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance sc-600 family	scope:	gte	version:	2.0,<2.1.3	Trust: 0.6
vendor:	siemens	model:	scalance family	scope:	eq	version:	xx200<4.1	Trust: 0.6

sources: CNVD: CNVD-2021-16434 // JVNDB: JVNDB-2021-004470 // NVD: CVE-2021-25667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25667
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-25667
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-16434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202103-683
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-25667
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-25667
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-16434
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25667
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-25667
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683 // NVD: CVE-2021-25667

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004470 // NVD: CVE-2021-25667

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202103-683

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-683

PATCH

title:	SSA-979775	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf	Trust: 0.8
title:	Siemens RUGGEDCOM RM1224 Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144543	Trust: 0.6
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=02a3bef451a548084110a18d27dea153	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-25667	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/namewreck-bugs-businesses/165385/	Trust: 0.1

sources: VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25667	Trust: 3.1
db:	ICS CERT	id:	ICSA-21-068-03	Trust: 2.5
db:	SIEMENS	id:	SSA-979775	Trust: 2.3
db:	JVN	id:	JVNVU93441670	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-004470	Trust: 0.8
db:	CNVD	id:	CNVD-2021-16434	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0846	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-683	Trust: 0.6
db:	VULMON	id:	CVE-2021-25667	Trust: 0.1

sources: CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683 // NVD: CVE-2021-25667

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03	Trust: 3.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25667	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu93441670/	Trust: 0.8
url:	https://vigilance.fr/vulnerability/siemens-ruggedcom-rm1224-buffer-overflow-via-stp-bpdu-frames-34782	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0846	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/121.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-25667	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/namewreck-bugs-businesses/165385/	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-979775.txt	Trust: 0.1

sources: CNVD: CNVD-2021-16434 // VULMON: CVE-2021-25667 // JVNDB: JVNDB-2021-004470 // CNNVD: CNNVD-202103-683 // NVD: CVE-2021-25667

SOURCES

db:	CNVD	id:	CNVD-2021-16434
db:	VULMON	id:	CVE-2021-25667
db:	JVNDB	id:	JVNDB-2021-004470
db:	CNNVD	id:	CNNVD-202103-683
db:	NVD	id:	CVE-2021-25667

LAST UPDATE DATE

2024-08-14T12:38:21.061000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-16434	date:	2021-03-23T00:00:00
db:	VULMON	id:	CVE-2021-25667	date:	2022-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-004470	date:	2021-11-22T09:03:00
db:	CNNVD	id:	CNNVD-202103-683	date:	2021-04-23T00:00:00
db:	NVD	id:	CVE-2021-25667	date:	2022-10-19T19:26:06.117

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-16434	date:	2021-03-11T00:00:00
db:	VULMON	id:	CVE-2021-25667	date:	2021-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-004470	date:	2021-11-22T00:00:00
db:	CNNVD	id:	CNNVD-202103-683	date:	2021-03-09T00:00:00
db:	NVD	id:	CVE-2021-25667	date:	2021-03-15T17:15:21.690