CVE-2021-25667

EPSS 0.30% · P54

I. Basic Information for CVE-2021-25667

Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Stack-based buffer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens RUGGEDCOM RM1224 Buffer Error Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
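Siemens RUGGEDCOM RM1224 is a wireless router from Siemens of Germany. It provides data communication to and from remote locations, offering 4G LTE connectivity with automatic fallback to 3G UMTS or EVDO cellular networks. Siemens RUGGEDCOM RM1224 contains a buffer error vulnerability that an attacker can exploit to trigger a buffer overflow, causing a denial of service and possibly executing code.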
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 | All versions >= V4.3 and < V6.4 | - |
| Siemens | SCALANCE M-800 | All versions >= V4.3 and < V6.4 | - |
| Siemens | SCALANCE S615 | All versions >= V4.3 and < V6.4 | - |
| Siemens | SCALANCE SC-600 Family | All versions >= V2.0 and < V2.1.3 | - |
| Siemens | SCALANCE XB-200 | All versions < V4.1 | - |
| Siemens | SCALANCE XC-200 | All versions < V4.1 | - |
| Siemens | SCALANCE XF-200BA | All versions < V4.1 | - |
| Siemens | SCALANCE XM400 | All versions < V6.2 | - |
| Siemens | SCALANCE XP-200 | All versions < V4.1 | - |
| Siemens | SCALANCE XR-300WG | All versions < V4.1 | - |
| Siemens | SCALANCE XR500 | All versions < V6.2 | - |

II. Public POCs for CVE-2021-25667

No public POC found.

III. Intelligence Information for CVE-2021-25667

Same Patch Batch · Siemens · 2021-03-15 · 14 CVEs total

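CVE-2020-25236 · 5.5 MEDIUM · Siemens LOGO! 8 BM Security Vulnerability
CVE-2021-25672 · Siemens Mendix Security Vulnerability
CVE-2021-25673 · Siemens SIMATIC Security Vulnerability
CVE-2021-25674 · Siemens SIMATIC Code Issue Vulnerability
CVE-2021-25675 · Siemens SIMATIC Numeric Error Vulnerability
CVE-2021-25676 · Siemens RUGGEDCOM Security Vulnerability
CVE-2021-27380 · Siemens Solid Edge Buffer Error Vulnerability
CVE-2021-27381 · Siemens Solid Edge Buffer Error Vulnerability
CVE-2020-25239 · Siemens SINEMA Remote Connect Server Security Vulnerability
CVE-2020-25240 · Siemens SINEMA Remote Connect Server Security Vulnerability
CVE-2020-25241 · Siemens SIMATIC MV400 Security Vulnerability
CVE-2020-28385 · Siemens Solid Edge Buffer Error Vulnerability
CVE-2020-28387 · Siemens Solid Edge Code Issue Vulnerability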
