CVE-2021-31882

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)

References

Link	Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf	vendor advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf	vendor advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf
https://cert-portal.siemens.com/productcert/html/ssa-114589.html
https://cert-portal.siemens.com/productcert/html/ssa-044112.html
https://cert-portal.siemens.com/productcert/html/ssa-620288.html

Frequently Asked Questions

What is the severity of CVE-2021-31882?: CVE-2021-31882 has been scored as a medium severity vulnerability.
How to fix CVE-2021-31882?: To fix CVE-2021-31882, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-31882 being actively exploited in the wild?: It is possible that CVE-2021-31882 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-31882?: CVE-2021-31882 affects Siemens Capital Embedded AR Classic 431-422, Siemens Capital Embedded AR Classic R20-11.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions