CVE-2024-50557

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-354112.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m812-1_\(annex_a\):-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m812-1_\(annex_b\):-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m816-1_\(annex_a\):-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m816-1_\(annex_b\):-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-3_\(cn\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-3_\(cn\):-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-3_\(rok\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-3_\(rok\):-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4_\(eu\):-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_\(nam\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4_\(nam\):-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum853-1_\(a1\):-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum853-1_\(b1\):-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum853-1_\(eu\):-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(a1\):-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(b1\):-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(cn\):-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(eu\):-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(row\):-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615_eec:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-12 13:15

Updated : 2024-11-13 19:54

NVD link : CVE-2024-50557

Mitre link : CVE-2024-50557

CVE.ORG link : CVE-2024-50557

JSON object : View

Products Affected

siemens

scalance_m826-2
scalance_m876-3_\(rok\)_firmware
scalance_m874-2
scalance_mum856-1_\(a1\)_firmware
scalance_mum853-1_\(b1\)
scalance_m816-1_\(annex_b\)
scalance_m876-4_\(eu\)
scalance_m876-4
scalance_m876-4_firmware
scalance_m874-3
scalance_mum856-1_\(eu\)
scalance_m876-4_\(eu\)_firmware
scalance_mum853-1_\(eu\)
scalance_m816-1_\(annex_a\)_firmware
scalance_mum856-1_\(a1\)
scalance_s615
ruggedcom_rm1224_lte\(4g\)_eu
scalance_m816-1_\(annex_b\)_firmware
scalance_m826-2_firmware
scalance_mum853-1_\(a1\)_firmware
scalance_mum853-1_\(a1\)
scalance_m812-1_\(annex_a\)_firmware
scalance_mum856-1_\(b1\)_firmware
scalance_s615_firmware
ruggedcom_rm1224_lte\(4g\)_eu_firmware
scalance_mum856-1_\(b1\)
scalance_mum853-1_\(b1\)_firmware
scalance_m876-3_\(rok\)
scalance_mum856-1_\(cn\)_firmware
scalance_m812-1_\(annex_b\)
scalance_m804pb_firmware
scalance_m804pb
scalance_m874-3_firmware
scalance_m874-3_\(cn\)_firmware
scalance_m874-2_firmware
scalance_m812-1_\(annex_b\)_firmware
scalance_m812-1_\(annex_a\)
scalance_mum856-1_\(eu\)_firmware
scalance_m876-4_\(nam\)_firmware
scalance_mum856-1_\(row\)_firmware
scalance_m816-1_\(annex_a\)
scalance_m876-3
scalance_s615_eec
ruggedcom_rm1224_lte\(4g\)_nam_firmware
scalance_m876-3_firmware
scalance_s615_eec_firmware
ruggedcom_rm1224_lte\(4g\)_nam
scalance_mum853-1_\(eu\)_firmware
scalance_m876-4_\(nam\)
scalance_mum856-1_\(row\)
scalance_mum856-1_\(cn\)
scalance_m874-3_\(cn\)

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

7.2 /10