OpenCVE

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Scalance W740 Scalance W740 Firmware Scalance W780 Scalance W780 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:scalance_w780_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w780:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:scalance_w740_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w740:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf
https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-02-09T15:38:21

Updated: 2024-08-03T20:11:27.506Z

Reserved: 2021-01-21T00:00:00

Link: CVE-2021-25666

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-09T18:15:51.573

Modified: 2024-11-21T05:55:15.220

Link: CVE-2021-25666

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SCALANCE W780 and W740 (IEEE 802.11n) family", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V6.3"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-02-12T20:17:06", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-25666", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SCALANCE W780 and W740 (IEEE 802.11n) family", "version": {"version_data": [{"version_value": "All versions < V6.3"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:11:27.506Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-25666", "datePublished": "2021-02-09T15:38:21", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-08-03T20:11:27.506Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_w780_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCE9B4EC-DF55-4F8A-B130-C0F8F286441C", "versionEndExcluding": "6.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_w780:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB406941-2C32-4551-8C1C-9E8DC4157E73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_w740_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "00F55236-C25F-4F93-B74C-AE75EEDBD388", "versionEndExcluding": "6.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_w740:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BFC9F18-3070-4F23-88D9-F40CDF884174", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en la familia SCALANCE W780 y W740 (IEEE 802.11n) (todas las versiones anteriores a V6.3). El env\u00edo de paquetes especialmente dise\u00f1ados por medio del protocolo ARP hacia un dispositivo afectado podr\u00eda causar una denegaci\u00f3n de servicio parcial, impidiendo al dispositivo funcionar normalmente durante un corto per\u00edodo de tiempo"}], "id": "CVE-2021-25666", "lastModified": "2024-11-21T05:55:15.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-09T18:15:51.573", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686152.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-07"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "productcert@siemens.com", "type": "Secondary"}]}