PT-2021-16747 · Siemens · Scalance S615+3
Published: 2021-03-15 · Updated: 2021-04-20
CVE-2021-25676
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM RM1224 version 6.3
SCALANCE M-800 version 6.3
SCALANCE S615 version 6.3
SCALANCE SC-600 versions 2.1 through 2.1.2
Description
A vulnerability has been identified that could trigger a temporary Denial-of-Service under certain conditions when multiple failed SSH authentication attempts are made. When triggered, the device will reboot automatically.
Recommendations
For RUGGEDCOM RM1224 version 6.3, update to a version that includes a fix for this issue.
For SCALANCE M-800 version 6.3, update to a version that includes a fix for this issue.
For SCALANCE S615 version 6.3, update to a version that includes a fix for this issue.
For SCALANCE SC-600 versions 2.1 through 2.1.2, update to version 2.1.3 or later to resolve the issue.
As a temporary workaround, consider restricting SSH access to minimize the risk of exploitation.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
RUGGEDCOM RM1224
SCALANCE M-800
SCALANCE S615
SCALANCE SC-600