CVE-2021-25663
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Siemens Nucleus IPv6 stack has an infinite-loop flaw when processing crafted IPv6 extension header options, causing denial-of-service.
Vulnerability
An infinite-loop vulnerability exists in the IPv6 header-processing function of Siemens Nucleus products, including Capital Embedded AR Classic 431-422 (all versions), Capital Embedded AR Classic R20-11 (all versions prior to V2303), Nucleus NET (all versions), Nucleus ReadyStart V3 (versions prior to V2017.02.4), Nucleus ReadyStart V4 (versions prior to V4.1.0), and Nucleus Source Code (versions including the affected IPv6 stack) [1]. The flaw occurs because the function lacks checks on the lengths of IPv6 extension header options, allowing an attacker to craft a packet with a length value that causes the function to loop indefinitely [1]. This is classified as CWE-835 (Loop with Unreachable Exit Condition) [1].
Exploitation
An unauthenticated attacker can exploit this vulnerability remotely without any special privileges or user interaction [1]. The attacker sends a single IPv6 packet with a crafted extension header that contains an option length field set to a value that triggers the infinite loop [1]. The attack has low complexity and does not require authentication or knowledge of the target [1]. No race conditions or special network position beyond standard IPv6 connectivity are needed.
Impact
Successful exploitation causes the target device to enter an infinite loop, leading to a denial-of-service (DoS) condition [1]. The impact is limited to availability (C:N/I:N/A:H); no data is compromised or modified, and no code execution is achieved [1]. The CVSS v3 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [1]. For Capital Embedded AR Classic 431-422, no fix is planned [2].
Mitigation
For Nucleus ReadyStart V3, the fix was released in version V2017.02.4 [2]. For Nucleus ReadyStart V4, the fix was released in version V4.1.0 [2]. For Capital Embedded AR Classic R20-11, the fix is available in version V2303 [2]. For Capital Embedded AR Classic 431-422, Siemens has stated that no fix is planned as of the last advisory update [2]. For Nucleus NET and other affected products, users should consult Siemens advisory SSA-248289 for tailored updates and workarounds [2]. No workaround is described in the available references for unpatched versions, and the vulnerability is not listed in KEV (Known Exploited Vulnerabilities) at the time of publication.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11All versions+ 1 more
- (no CPE)range: All versions
- (no CPE)range: All versions
- Range: All versions
- Range: < V2303
- Range: < V2017.02.4
- Range: All versions including affected IPv6 stack
- Siemens/Capital Embedded AR Classic 431-422v5Range: 0
- Siemens/Capital Embedded AR Classic R20-11v5Range: 0
0+ 1 more
- (no CPE)range: 0
- (no CPE)range: 0
- Siemens/Nucleus Source Codev5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- cert-portal.siemens.com/productcert/pdf/ssa-248289.pdfmitrex_refsource_MISC
- us-cert.cisa.gov/ics/advisories/icsa-21-103-05mitrex_refsource_CONFIRM
- cert-portal.siemens.com/productcert/html/ssa-248289.htmlmitre
News mentions
0No linked articles in our index yet.