VYPR
Unrated severity · NVD Advisory · Published Nov 9, 2021 · Updated Mar 11, 2025

CVE-2021-31881

Description

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0008)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The DHCP client in Capital Embedded AR Classic products fails to validate Vendor option length in DHCP OFFER messages, enabling remote denial-of-service.

Vulnerability

The DHCP client in Capital Embedded AR Classic 431-422 (all versions) and Capital Embedded AR Classic R20-11 (versions prior to V2303) does not validate the length of Vendor-specific options in DHCP OFFER messages. This missing length check allows a malformed DHCP OFFER to trigger a denial-of-service condition. The vulnerability is identified as FSMD-2021-0008.
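The length check described above, written out as an added example (not Siemens or Nucleus code, and not taken from the advisory): a DHCP options walker that validates every length byte against the bytes left in the packet, and against the destination buffer, before copying option 43 (Vendor Specific Information, RFC 2132). The function names, status codes and sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_VENDOR = 43, OPT_END = 255 };   /* RFC 2132 option codes */
enum { OPT_OK = 0, OPT_NOT_FOUND = 1, OPT_MALFORMED = -1, OPT_TOO_BIG = -2 };

/* Find option `code` in the options field (the bytes after the magic cookie).
 * Every length byte is checked against the bytes actually left in the packet. */
int dhcp_find_option(const uint8_t *opts, size_t n, uint8_t code,
                     const uint8_t **val, size_t *val_len)
{
    size_t i = 0;
    while (i < n) {
        uint8_t c = opts[i++];
        if (c == OPT_PAD) continue;               /* single byte, no length */
        if (c == OPT_END) return OPT_NOT_FOUND;
        if (i == n) return OPT_MALFORMED;         /* code with no length byte */
        size_t len = opts[i++];
        if (len > n - i) return OPT_MALFORMED;    /* value runs past the packet */
        if (c == code) { *val = opts + i; *val_len = len; return OPT_OK; }
        i += len;
    }
    return OPT_NOT_FOUND;                         /* field ended without an END */
}

/* Copy the Vendor option into a fixed buffer, rejecting oversize values. */
int dhcp_copy_vendor(const uint8_t *opts, size_t n, uint8_t *out, size_t cap, size_t *out_len)
{
    const uint8_t *v = NULL; size_t len = 0;
    int rc = dhcp_find_option(opts, n, OPT_VENDOR, &v, &len);
    if (rc != OPT_OK) return rc;
    if (len > cap) return OPT_TOO_BIG;            /* would overflow `out` */
    memcpy(out, v, len);
    *out_len = len;
    return OPT_OK;
}

/* Constructed sample option fields (not captured traffic); 53/1/2 = DHCPOFFER. */
const uint8_t good_offer[] = { 53, 1, 2, 43, 4, 0xde, 0xad, 0xbe, 0xef, 255 };
const uint8_t bad_length[] = { 53, 1, 2, 43, 200, 0x01, 0x02, 255 };
const uint8_t cut_short[]  = { 53, 1, 2, 43 };
int main(void)
{
    uint8_t buf[8]; size_t len = 0;
    printf("good: %d\n", dhcp_copy_vendor(good_offer, sizeof good_offer, buf, sizeof buf, &len));
    printf("bad length: %d\n", dhcp_copy_vendor(bad_length, sizeof bad_length, buf, sizeof buf, &len));
    return 0;
}
```

A client that drops the OFFER on any negative status, rather than parsing further, keeps a malformed Vendor option from affecting its state machine.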

Exploitation

An attacker on the same network segment can send a crafted DHCP OFFER message with an invalid Vendor option length. No authentication is required, and the attack does not require user interaction. The victim device must be configured to use DHCP.

Impact

Successful exploitation causes the DHCP client to enter a denial-of-service state, preventing the device from obtaining or maintaining an IP address via DHCP, thereby disrupting network connectivity for the affected device.

Mitigation

For Capital Embedded AR Classic R20-11, upgrade to version V2303 or later. For Capital Embedded AR Classic 431-422, no fix is currently available. General mitigations for Nucleus RTOS-based products, such as network segmentation and DHCP snooping, are recommended in Siemens Security Advisories SSA-114589 [1] and SSA-044112 [2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

References

6
