CVE-2021-37182 : A vulnerability has been identified in SCALANCE XM408-4C (All versions

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.

Published 2022-06-14 10:15:18

Updated 2022-06-27 17:40:11

Source Siemens AG

View at NVD, CVE.org

Products affected by CVE-2021-37182

Siemens » Scalance Xm416-4c Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xm416-4c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xm416-4c » Version: N/A
Siemens » Scalance Xm408-8c Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xm408-8c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xm408-8c » Version: N/A
Siemens » Scalance Xm408-4c Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xm408-4c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xm408-4c » Version: N/A
Siemens » Scalance Xm416-4c L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xm416-4c_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xm416-4c L3 » Version: N/A
Siemens » Scalance Xm408-8c L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xm408-8c_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xm408-8c L3 » Version: N/A
Siemens » Scalance Xm408-4c L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xm408-4c_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xm408-4c L3 » Version: N/A
Siemens » Scalance Xr524-8c Firmware » For 24V
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:24v:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c » Version: N/A For 24V
Siemens » Scalance Xr524-8c Firmware » For 2x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:2x230v:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c » Version: N/A For 2x230v
Siemens » Scalance Xr524-8c Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c » Version: N/A
Siemens » Scalance Xr524-8c Firmware » For 1x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:1x230v:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c » Version: N/A For 1x230v
Siemens » Scalance Xr526-8c Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c » Version: N/A
Siemens » Scalance Xr526-8c Firmware » For 1x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:1x230v:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c » Version: N/A For 1x230v
Siemens » Scalance Xr526-8c Firmware » For 24V
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:24v:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c » Version: N/A For 24V
Siemens » Scalance Xr526-8c Firmware » For 2x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:2x230v:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c » Version: N/A For 2x230v
Siemens » Scalance Xr528-6m Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr528-6m » Version: N/A
Siemens » Scalance Xr524-8c L3 Firmware » For 2x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:2x230v:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c L3 » Version: N/A For 2x230v
Siemens » Scalance Xr524-8c L3 Firmware » For 24V
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:24v:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c L3 » Version: N/A For 24V
Siemens » Scalance Xr524-8c L3 Firmware » For 1x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:1x230v:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c L3 » Version: N/A For 1x230v
Siemens » Scalance Xr524-8c L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr524-8c_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr524-8c L3 » Version: N/A
Siemens » Scalance Xr526-8c L3 Firmware » For 2x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:2x230v:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c L3 » Version: N/A For 2x230v
Siemens » Scalance Xr526-8c L3 Firmware » For 1x230v
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:1x230v:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c L3 » Version: N/A For 1x230v
Siemens » Scalance Xr526-8c L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c L3 » Version: N/A
Siemens » Scalance Xr526-8c L3 Firmware » For 24V
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr526-8c_l3_firmware:*:*:*:*:*:*:24v:*
Matching versions
When used together with: Siemens » Scalance Xr526-8c L3 » Version: N/A For 24V
Siemens » Scalance Xr528-6m 2hr2 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr528-6m 2hr2 » Version: N/A
Siemens » Scalance Xr528-6m 2hr2 L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr528-6m_2hr2_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr528-6m 2hr2 L3 » Version: N/A
Siemens » Scalance Xr528-6m L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr528-6m_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr528-6m L3 » Version: N/A
Siemens » Scalance Xr552-12m Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr552-12m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr552-12m » Version: N/A
Siemens » Scalance Xr552-12m 2hr2 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr552-12m 2hr2 » Version: N/A
Siemens » Scalance Xr552-12m 2hr2 L3 Firmware
Versions before (<) 6.5
cpe:2.3:o:siemens:scalance_xr552-12m_2hr2_l3_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Scalance Xr552-12m 2hr2 L3 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-37182

EPSS FAQ

0.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-37182

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-37182

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Assigned by:
- nvd@nist.gov (Primary)
- productcert@siemens.com (Secondary)

References for CVE-2021-37182

https://cert-portal.siemens.com/productcert/pdf/ssa-145224.pdf

Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-37182

Products affected by CVE-2021-37182

Exploit prediction scoring system (EPSS) score for CVE-2021-37182

CVSS scores for CVE-2021-37182

CWE ids for CVE-2021-37182

References for CVE-2021-37182