CVE-2024-50559

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-354112.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m812-1_\(annex_a\):-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m812-1_\(annex_b\):-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m816-1_\(annex_a\):-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m816-1_\(annex_b\):-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:siemens:scalance_m874-3_\(cn\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m874-3_\(cn\):-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-3_\(rok\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-3_\(rok\):-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4_\(eu\):-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_m876-4_\(nam\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m876-4_\(nam\):-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum853-1_\(a1\):-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum853-1_\(b1\):-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum853-1_\(eu\):-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(a1\):-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(b1\):-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(cn\):-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(eu\):-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_mum856-1_\(row\):-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_eec_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615_eec:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-11-12 13:15

Updated : 2024-11-13 19:56

NVD link : CVE-2024-50559

Mitre link : CVE-2024-50559

CVE.ORG link : CVE-2024-50559

JSON object : View

Products Affected

siemens

scalance_m804pb_firmware
scalance_s615
scalance_m816-1_\(annex_a\)
scalance_mum856-1_\(cn\)
scalance_m816-1_\(annex_b\)
scalance_mum856-1_\(row\)
scalance_m876-4_\(nam\)_firmware
scalance_s615_eec
scalance_s615_eec_firmware
scalance_mum853-1_\(a1\)_firmware
scalance_mum856-1_\(eu\)
scalance_m876-4_\(eu\)
scalance_mum856-1_\(a1\)
scalance_m876-4_firmware
scalance_m876-4_\(nam\)
ruggedcom_rm1224_lte\(4g\)_nam_firmware
scalance_m826-2
scalance_m876-4_\(eu\)_firmware
scalance_m874-3
scalance_mum856-1_\(b1\)_firmware
scalance_m876-3
scalance_m826-2_firmware
scalance_m876-3_\(rok\)
ruggedcom_rm1224_lte\(4g\)_eu
scalance_m874-3_\(cn\)
scalance_mum853-1_\(a1\)
scalance_mum856-1_\(row\)_firmware
scalance_mum856-1_\(b1\)
scalance_m874-3_firmware
scalance_mum856-1_\(eu\)_firmware
scalance_m874-3_\(cn\)_firmware
scalance_m812-1_\(annex_b\)_firmware
scalance_m816-1_\(annex_b\)_firmware
scalance_m876-4
scalance_mum853-1_\(b1\)
scalance_m816-1_\(annex_a\)_firmware
scalance_mum856-1_\(a1\)_firmware
scalance_m804pb
scalance_m812-1_\(annex_b\)
ruggedcom_rm1224_lte\(4g\)_nam
scalance_mum853-1_\(b1\)_firmware
scalance_mum856-1_\(cn\)_firmware
scalance_m812-1_\(annex_a\)
scalance_mum853-1_\(eu\)_firmware
scalance_m874-2_firmware
scalance_m876-3_firmware
scalance_m876-3_\(rok\)_firmware
scalance_mum853-1_\(eu\)
scalance_s615_firmware
scalance_m874-2
scalance_m812-1_\(annex_a\)_firmware
ruggedcom_rm1224_lte\(4g\)_eu_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

4.3 /10