Vulnerability identifier: #VU51378

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25667

CWE-ID: CWE-121

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
RUGGEDCOM RM1224
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE SC-600
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE X300WG
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XR-500
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE XM-400
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE Xx200
Hardware solutions / Routers & switches, VoIP, GSM, etc
SCALANCE M-800 / S615
Hardware solutions / Firmware

Vendor: Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of Spanning Tree Protocol (STP) Bridge Protocol Data Unit (BPDU) frames. A remote attacker on the local network can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

RUGGEDCOM RM1224: 4.3

SCALANCE M-800 / S615: 4.3

---

External links
http://ics-cert.us-cert.gov/advisories/icsa-21-068-03

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.