
CVE-2021-25667

nvd nist
Published: Mar 15, 2021
Modified: Jun 2, 2026

CVSS score: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.

Affected (20)

15 products
Ruggedcom Rm1224 Firmware
Scalance M 800 Firmware
Scalance S615 Firmware
Scalance X300wg Firmware
Scalance Xm400 Firmware
Scalance Xr500 Firmware
Scalance Sc622 2c Firmware
Scalance Sc632 2c Firmware
Scalance Sc636 2c Firmware
Scalance Sc642 2c Firmware
Scalance Sc646 2c Firmware
Scalance Xb 200 Firmware
Scalance Xc 200 Firmware
Scalance Xf 200ba Firmware
Scalance Xp 200 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
From 4.3 to 6.4
Running on/with | Platform Versions
Siemens
Ruggedcom Rm1224
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
From 4.3 to 6.4
Running on/with | Platform Versions
Siemens
Scalance M 800
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
From 4.3 to 6.4
Running on/with | Platform Versions
Siemens
Scalance S615
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 4.1
Running on/with | Platform Versions
Siemens
Scalance X300wg
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 6.2
Running on/with | Platform Versions
Siemens
Scalance Xm400
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 6.2
Running on/with | Platform Versions
Siemens
Scalance Xr500
All versions
Configuration G
2 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Siemens
Up to 2.0
From 2.1 to 2.1.3
Running on/with | Platform Versions
Siemens
Scalance Sc622 2c
All versions
Configuration H
2 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Siemens
Up to 2.0
From 2.1 to 2.1.3
Running on/with | Platform Versions
Siemens
Scalance Sc632 2c
All versions
Configuration I
2 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Siemens
Up to 2.0
From 2.1 to 2.1.3
Running on/with | Platform Versions
Siemens
Scalance Sc636 2c
All versions
Configuration J
2 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Siemens
Up to 2.0
From 2.1 to 2.1.3
Running on/with | Platform Versions
Siemens
Scalance Sc642 2c
All versions
Configuration K
2 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Siemens
Up to 2.0
From 2.1 to 2.1.3
Running on/with | Platform Versions
Siemens
Scalance Sc646 2c
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 4.1
Running on/with | Platform Versions
Siemens
Scalance Xb 200
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 4.1
Running on/with | Platform Versions
Siemens
Scalance Xc 200
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 4.1
Running on/with | Platform Versions
Siemens
Scalance Xf 200ba
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable Software | Affected Versions
Before 4.1
Running on/with | Platform Versions
Siemens
Scalance Xp 200
All versions

References (4)

Source: productcert@siemens.com
Patch, Vendor Advisory
Source: productcert@siemens.com
Patch, Third Party Advisory, US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch, Third Party Advisory, US Government Resource
