Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-25663

CVSS 7.5 · High EPSS 0.71% · P72
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-25663

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不可达退出条件的循环(无限循环)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens Nucleus 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
siemens Nucleus是德国西门子(siemens)公司的一个工控设备。提供一个工控设备。 Siemens Nucleus存在安全漏洞,该漏洞源于程序处理IPv6头的函数不检查扩展头选项的长度,允许攻击者使用精心设计的长度值将该函数放入无限循环中。以下产品或版本受到影响:Nucleus 4、Nucleus NET、Nucleus ReadyStart、Nucleus Source Code、VSTAR。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensCapital Embedded AR Classic 431-422 0 ~ * -
SiemensCapital Embedded AR Classic R20-11 0 ~ V2303 -
SiemensNucleus NET All versions -
SiemensNucleus ReadyStart V3 0 ~ V2017.02.4 -
SiemensNucleus ReadyStart V4 0 ~ V4.1.0 -
SiemensNucleus Source Code 0 ~ * -

II. Public POCs for CVE-2021-25663

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-25663

登录查看更多情报信息。

Same Patch Batch · Siemens · 2021-04-22 · 19 CVEs total

CVE-2020-252448.4 HIGHSiemens LOGO! Soft Comfort 代码问题漏洞
CVE-2020-270098.1 HIGH多款Siemens产品 缓冲区错误漏洞
CVE-2020-157958.1 HIGH多款siemens产品 缓冲区错误漏洞
CVE-2021-256647.5 HIGHSiemens Nucleus 安全漏洞
CVE-2020-277376.5 MEDIUM多款siemens产品 缓冲区错误漏洞
CVE-2020-277366.5 MEDIUM多款siemens产品 缓冲区错误漏洞
CVE-2020-277386.5 MEDIUM多款siemens产品 缓冲区错误漏洞
CVE-2021-256775.3 MEDIUM多款Siemens产品 安全特征问题漏洞
CVE-2020-252435.1 MEDIUMSiemens LOGO! Soft Comfort 路径遍历漏洞
CVE-2021-27393Nucleus ReadyStart安全特征问题漏洞
CVE-2021-25668Siemens Web Server缓冲区错误漏洞
CVE-2021-25669Siemens Web Server 缓冲区错误漏洞
CVE-2021-27392Siemens Open Network Bridge 信任管理问题漏洞
CVE-2021-27389Siemens Digital Industries Software Opcenter Quality 安全漏洞
CVE-2020-26997Siemens Solid Edge 安全漏洞
CVE-2021-27382Siemens Solid Edge 缓冲区错误漏洞
CVE-2021-25678Siemens Solid Edge 缓冲区错误漏洞
CVE-2021-25670siemens Tecnomatix RobotExpert 缓冲区错误漏洞

IV. Related Vulnerabilities

Same product: Capital Embedded AR Classic 431-422
Same vendor: Siemens
Same weakness: CWE-835

V. Comments for CVE-2021-25663

No comments yet

Leave a comment