PT-2021-7788 · Siemens · Scalance M-800+8

Published: 2021-03-09 · Updated: 2022-10-19 · CVE-2021-25667

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM RM1224 versions 4.3 through 6.3
SCALANCE M-800 versions 4.3 through 6.3
SCALANCE S615 versions 4.3 through 6.3
SCALANCE SC-600 Family versions 2.0 through 2.1.2
SCALANCE XB-200 versions prior to 4.1
SCALANCE XC-200 versions prior to 4.1
SCALANCE XF-200BA versions prior to 4.1
SCALANCE XM400 versions prior to 6.2
SCALANCE XP-200 versions prior to 4.1
SCALANCE XR-300WG versions prior to 4.1
SCALANCE XR500 versions prior to 6.2

Description

The issue is caused by a stack-based buffer overflow vulnerability in the handling of STP BPDU frames. This could allow a remote attacker to trigger a denial-of-service condition or potentially execute remote code. Successful exploitation requires the passive listening feature of the device to be active.

Recommendations

For RUGGEDCOM RM1224 versions 4.3 through 6.3, update to version 6.4 or later.
For SCALANCE M-800 versions 4.3 through 6.3, update to version 6.4 or later.
For SCALANCE S615 versions 4.3 through 6.3, update to version 6.4 or later.
For SCALANCE SC-600 Family versions 2.0 through 2.1.2, update to version 2.1.3 or later.
For SCALANCE XB-200 versions prior to 4.1, update to version 4.1 or later.
For SCALANCE XC-200 versions prior to 4.1, update to version 4.1 or later.
For SCALANCE XF-200BA versions prior to 4.1, update to version 4.1 or later.
For SCALANCE XM400 versions prior to 6.2, update to version 6.2 or later.
For SCALANCE XP-200 versions prior to 4.1, update to version 4.1 or later.
For SCALANCE XR-300WG versions prior to 4.1, update to version 4.1 or later.
For SCALANCE XR500 versions prior to 6.2, update to version 6.2 or later.

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-02903
CVE-2021-25667

Affected Products

Ruggedcom Rm1224
Scalance M-800
Scalance S615
Scalance Sc-600 Family
Scalance X-200
Scalance Xf-200Ba
Scalance Xm-400
Scalance Xr-300Wg
Scalance Xr-500