CVE-2021-25663

CWE-8353 documents3 sources
Severity
8.7HIGH
EPSS
0.5%
top 33.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Siemens Capital Embedded AR Classic 431-422Siemens Capital Embedded AR Classic R20-11Siemens Nucleus Readystart V3+4 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages7 packages

CVEListV5siemens/nucleus_readystart_v3< V2017.02.4
CVEListV5siemens/nucleus_readystart_v4< V4.1.0

🔴Vulnerability Details

2
GHSA
GHSA-m3qf-xv59-6w6h: A vulnerability has been identified in Nucleus 4 (All versions < V42022-05-24
CVEList
CVE-2021-25663: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303),2021-04-22
CVE-2021-25663 (HIGH CVSS 8.7) | A vulnerability has been identified | cvebase.io