gsd-2021-25663
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2021-25663",
    "description": "A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.",
    "id": "GSD-2021-25663"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-25663"
      ],
      "details": "A vulnerability has been identified in Capital VSTAR (Versions including affected IPv6 stack), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (Versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.",
      "id": "GSD-2021-25663",
      "modified": "2023-12-13T01:23:20.974967Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2021-25663",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Capital Embedded AR Classic 431-422",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Capital Embedded AR Classic R20-11",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "V2303"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Nucleus NET",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "All versions"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Nucleus ReadyStart V3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "V2017.02.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Nucleus ReadyStart V4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "V4.1.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Nucleus Source Code",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "*"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-835",
                "lang": "eng",
                "value": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
          },
          {
            "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05",
            "refsource": "MISC",
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EEBF34F7-F37A-4FD1-957E-B2E5DEE7A778",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7A5FA7B8-2F94-4762-ADBF-71C0F37231AB",
                    "versionEndExcluding": "4.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "53A38C64-612A-4BC5-83D5-D3FA1C90E0F7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F768DEFE-CE6F-4210-B728-9C4CA2AF03FE",
                    "versionEndExcluding": "2017.02.4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values."
          },
          {
            "lang": "es",
            "value": "Se ha identificado una vulnerabilidad en Capital VSTAR (Versiones que incluyen la pila IPv6 afectada), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1.0), Nucleus Source Code (Versiones que incluyen la pila IPv6 afectada). La funci\u00f3n que procesa las cabeceras de IPv6 no comprueba las longitudes de las opciones de las cabeceras de extensi\u00f3n, lo que permite a los atacantes poner esta funci\u00f3n en un bucle infinito con valores de longitud manipulados"
          }
        ],
        "id": "CVE-2021-25663",
        "lastModified": "2024-02-13T09:15:43.143",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "productcert@siemens.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-04-22T21:15:09.957",
        "references": [
          {
            "source": "productcert@siemens.com",
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-248289.html"
          },
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"
          },
          {
            "source": "productcert@siemens.com",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05"
          }
        ],
        "sourceIdentifier": "productcert@siemens.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-835"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-835"
              }
            ],
            "source": "productcert@siemens.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.