CVE-2021-25669

Name of the Vulnerable Software and Affected Versions SCALANCE X200-4P IRT versions prior to 5.5.1 SCALANCE X201-3P IRT versions prior to 5.5.1 SCALANCE X201-3P IRT PRO versions prior to 5.5.1 SCALANCE X202-2 IRT versions prior to 5.5.1 SCALANCE X202-2P IRT versions prior to 5.5.1 SCALANCE X202-2P IRT PRO versions prior to 5.5.1 SCALANCE X204 IRT versions prior to 5.5.1 SCALANCE X204 IRT PRO versions prior to 5.5.1 SCALANCE X204-2 versions prior to V5.2.5 SCALANCE X204-2FM versions prior to V5.2.5 SCALANCE X204-2LD versions prior to V5.2.5 SCALANCE X204-2LD TS versions prior to V5.2.5 SCALANCE X204-2TS versions prior to V5.2.5 SCALANCE X206-1 versions prior to V5.2.5 SCALANCE X206-1LD versions prior to V5.2.5 SCALANCE X208 versions prior to V5.2.5 SCALANCE X208PRO versions prior to V5.2.5 SCALANCE X212-2 versions prior to V5.2.5 SCALANCE X212-2LD versions prior to V5.2.5 SCALANCE X216 versions prior to V5.2.5 SCALANCE X224 versions prior to V5.2.5 SCALANCE XF201-3P IRT versions prior to 5.5.1 SCALANCE XF202-2P IRT versions prior to 5.5.1 SCALANCE XF204 versions prior to V5.2.5 SCALANCE XF204 IRT versions prior to 5.5.1 SCALANCE XF204-2 versions prior to V5.2.5 SCALANCE XF204-2BA IRT versions prior to 5.5.1 SCALANCE XF206-1 versions prior to V5.2.5 SCALANCE XF208 versions prior to V5.2.5

Description The issue is caused by incorrect processing of POST requests in the web server, which may lead to a stack-based buffer overflow. This could allow an attacker to cause a denial-of-service or achieve remote code execution.

Recommendations As a temporary workaround, consider disabling the web server functionality until a patch is available. Restrict access to the web server to minimize the risk of exploitation. Avoid using the vulnerable web server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.