CVE-2021-25664

CWE-835 | 3 documents | 3 sources
Severity: 8.7 HIGH
EPSS: 0.5% (top 33.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 22
Latest update: May 24

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing
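The kind of length validation the description says is missing, as an added example (not code from this page or from the affected products): a parser that checks the Hop-by-Hop header's length field against the bytes actually received, and each option's length against the header, using the RFC 8200 layout. The function name `hbh_validate` and its result codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this example (hypothetical names). */
enum { HBH_OK = 0, HBH_TRUNCATED = -1, HBH_BAD_OPTION = -2 };

#define HBH_OPT_PAD1 0u  /* RFC 8200: one-octet padding, no length field */

/*
 * Validate an IPv6 Hop-by-Hop Options header held in buf[0..avail).
 * On success stores the header's size in *hdr_len so the caller can
 * step to the next header; nothing outside the header is ever read.
 */
int hbh_validate(const uint8_t *buf, size_t avail, size_t *hdr_len)
{
    if (buf == NULL || hdr_len == NULL || avail < 2)
        return HBH_TRUNCATED;

    /* Hdr Ext Len counts 8-octet units beyond the first 8 octets. */
    size_t total = ((size_t)buf[1] + 1u) * 8u;
    if (total > avail)
        return HBH_TRUNCATED;       /* length field exceeds received data */

    size_t off = 2;                 /* options follow the two fixed octets */
    while (off < total) {
        if (buf[off] == HBH_OPT_PAD1) {
            off += 1;               /* Pad1 is a single octet */
            continue;
        }
        if (total - off < 2)
            return HBH_BAD_OPTION;  /* no room for the option's length octet */
        size_t opt_len = buf[off + 1];
        if (opt_len > total - off - 2)
            return HBH_BAD_OPTION;  /* option data runs past the header */
        off += 2 + opt_len;         /* every iteration moves forward */
    }
    *hdr_len = total;
    return HBH_OK;
}
```

Every path through the loop advances `off` by at least one octet, so the walk terminates for any input, and a rejected header should cause the packet to be dropped before any option is acted on.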

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages: 8 packages

Vulnerability Details (2)

GHSA
GHSA-q7wx-433j-27hv: A vulnerability has been identified in Nucleus 4 (All versions < V4 | 2022-05-24
CVEList
CVE-2021-25664: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), | 2021-04-22
CVE-2021-25664 (HIGH CVSS 8.7) | A vulnerability has been identified | cvebase.io