CVE-2021-25667
Published: Mar 15, 2021
Modified: Jun 2, 2026
Description
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active.
| Vendor | Product | Versions |
|---|---|---|
Siemens | RUGGEDCOM RM1224 | affected All versions >= V4.3 and < V6.4 |
Siemens | SCALANCE M-800 | affected All versions >= V4.3 and < V6.4 |
Siemens | SCALANCE S615 | affected All versions >= V4.3 and < V6.4 |
Siemens | SCALANCE SC-600 Family | affected All versions >= V2.0 and < V2.1.3 |
Siemens | SCALANCE XB-200 | affected All versions < V4.1 |
Siemens | SCALANCE XC-200 | affected All versions < V4.1 |
Siemens | SCALANCE XF-200BA | affected All versions < V4.1 |
Siemens | SCALANCE XM400 | affected All versions < V6.2 |
Siemens | SCALANCE XP-200 | affected All versions < V4.1 |
Siemens | SCALANCE XR-300WG | affected All versions < V4.1 |
Siemens | SCALANCE XR500 | affected All versions < V6.2 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now