CVE-2021-37182

EPSS 0.35%
Published 14.06.2022 10:15:17
Last modified 21.11.2024 06:14:48
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Scalance Xm408-4c Firmware Version < 6.5

Siemens ≫ Scalance Xm408-4c Version-

Siemens ≫ Scalance Xm408-4c L3 Firmware Version < 6.5

Siemens ≫ Scalance Xm408-4c L3 Version-

Siemens ≫ Scalance Xm408-8c Firmware Version < 6.5

Siemens ≫ Scalance Xm408-8c Version-

Siemens ≫ Scalance Xm408-8c L3 Firmware Version < 6.5

Siemens ≫ Scalance Xm408-8c L3 Version-

Siemens ≫ Scalance Xm416-4c Firmware Version < 6.5

Siemens ≫ Scalance Xm416-4c Version-

Siemens ≫ Scalance Xm416-4c L3 Firmware Version < 6.5

Siemens ≫ Scalance Xm416-4c L3 Version-

Siemens ≫ Scalance Xr524-8c Firmware Version < 6.5

Siemens ≫ Scalance Xr524-8c Version-

Siemens ≫ Scalance Xr524-8c Firmware HwPlatform1x230v Version < 6.5

Siemens ≫ Scalance Xr524-8c Version- HwPlatform1x230v

Siemens ≫ Scalance Xr524-8c Firmware HwPlatform24v Version < 6.5

Siemens ≫ Scalance Xr524-8c Version- HwPlatform24v

Siemens ≫ Scalance Xr524-8c Firmware HwPlatform2x230v Version < 6.5

Siemens ≫ Scalance Xr524-8c Version- HwPlatform2x230v

Siemens ≫ Scalance Xr524-8c L3 Firmware Version < 6.5

Siemens ≫ Scalance Xr524-8c L3 Version-

Siemens ≫ Scalance Xr524-8c L3 Firmware HwPlatform1x230v Version < 6.5

Siemens ≫ Scalance Xr524-8c L3 Version- HwPlatform1x230v

Siemens ≫ Scalance Xr524-8c L3 Firmware HwPlatform24v Version < 6.5

Siemens ≫ Scalance Xr524-8c L3 Version- HwPlatform24v

Siemens ≫ Scalance Xr524-8c L3 Firmware HwPlatform2x230v Version < 6.5

Siemens ≫ Scalance Xr524-8c L3 Version- HwPlatform2x230v

Siemens ≫ Scalance Xr526-8c Firmware Version < 6.5

Siemens ≫ Scalance Xr526-8c Version-

Siemens ≫ Scalance Xr526-8c Firmware HwPlatform1x230v Version < 6.5

Siemens ≫ Scalance Xr526-8c Version- HwPlatform1x230v

Siemens ≫ Scalance Xr526-8c Firmware HwPlatform24v Version < 6.5

Siemens ≫ Scalance Xr526-8c Version- HwPlatform24v

Siemens ≫ Scalance Xr526-8c Firmware HwPlatform2x230v Version < 6.5

Siemens ≫ Scalance Xr526-8c Version- HwPlatform2x230v

Siemens ≫ Scalance Xr526-8c L3 Firmware Version < 6.5

Siemens ≫ Scalance Xr526-8c L3 Version-

Siemens ≫ Scalance Xr526-8c L3 Firmware HwPlatform1x230v Version < 6.5

Siemens ≫ Scalance Xr526-8c L3 Version- HwPlatform1x230v

Siemens ≫ Scalance Xr526-8c L3 Firmware HwPlatform24v Version < 6.5

Siemens ≫ Scalance Xr526-8c L3 Version- HwPlatform24v

Siemens ≫ Scalance Xr526-8c L3 Firmware HwPlatform2x230v Version < 6.5

Siemens ≫ Scalance Xr526-8c L3 Version- HwPlatform2x230v

Siemens ≫ Scalance Xr528-6m Firmware Version < 6.5

Siemens ≫ Scalance Xr528-6m Version-

Siemens ≫ Scalance Xr528-6m 2hr2 Firmware Version < 6.5

Siemens ≫ Scalance Xr528-6m 2hr2 Version-

Siemens ≫ Scalance Xr528-6m 2hr2 L3 Firmware Version < 6.5

Siemens ≫ Scalance Xr528-6m 2hr2 L3 Version-

Siemens ≫ Scalance Xr528-6m L3 Firmware Version < 6.5

Siemens ≫ Scalance Xr528-6m L3 Version-

Siemens ≫ Scalance Xr552-12m Firmware Version < 6.5

Siemens ≫ Scalance Xr552-12m Version-

Siemens ≫ Scalance Xr552-12m 2hr2 Firmware Version < 6.5

Siemens ≫ Scalance Xr552-12m 2hr2 Version-

Siemens ≫ Scalance Xr552-12m 2hr2 L3 Firmware Version < 6.5

Siemens ≫ Scalance Xr552-12m 2hr2 L3 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.35%	0.564

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-37182

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-37182

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-37182

EUVD