CVE-2021-29998
high-risk
Published 2021-04-13
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
Do I need to act?
-
0.60% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Ruggedcom Win Subscriber Station Firmware
Scalance X200-4 P Irt Firmware
Scalance X201-3P Irt Firmware
Scalance X201-3P Irt Pro Firmware
Scalance X202-2 Irt Firmware
Scalance X202-2P Irt Firmware
Scalance X202-2P Irt Pro Firmware
Scalance X204 Irt Firmware
Scalance X204 Irt Pro Firmware
Scalance X204-2 Firmware
Scalance X204-2Fm Firmware
Scalance X204-2Ld Firmware
Scalance X204-2Ld Ts Firmware
Scalance X204-2Ts Firmware
Scalance X206-1 Firmware
Scalance X206-1Ld Firmware
Scalance X208 Firmware
Scalance X208 Pro Firmware
Scalance X212-2 Firmware
References (8)
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf
Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-910883.pdf
Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-12
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
23/34 · High