CVE-2021-25663

Опубликовано: 22 апр. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.

Ссылки

https://cert-portal.siemens.com/productcert/html/ssa-248289.html
https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05
Third Party Advisory
US Government Resource
https://cert-portal.siemens.com/productcert/html/ssa-248289.html
https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf
Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*

cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*

Версия до 4.1.0 (исключая)

cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*

Версия до 2017.02.4 (исключая)

EPSS

Процентиль: 66%

0.00523

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

GHSA-m3qf-xv59-6w6h