Vulnerabilities > CVE-2021-25676 - Improper Restriction of Excessive Authentication Attempts vulnerability in Siemens products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

siemens

CWE-307

NVD

Published: 2021-03-15

Updated: 2021-04-20

Summary

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Ruggedcom Rm1224 Firmware 6.3 Siemens Scalance M 800 Firmware 6.3 Siemens Scalance S615 Firmware 6.3 Siemens Scalance SC 600 Firmware *	4
Hardware	Siemens Siemens Ruggedcom Rm1224 - Siemens Scalance M 800 - Siemens Scalance S615 - Siemens Scalance SC 600 -	4

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References