CVE-2021-25664

Description

A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus ReadyStart (All versions), Nucleus Source Code (versions including affected IPv6 stack), VSTAR (versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values.

Related CPE's

asiemensnucleus_4********
vulnerable
asiemensnucleus_net********
vulnerable
asiemensnucleus_readystart********
vulnerable
asiemensnucleus_source_code-*******
vulnerable
asiemensvstar-*******
vulnerable

References

https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf

Vendor Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05

Third Party AdvisoryUS Government Resource

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE