VDB

CISA-2022-36323

CISA-2022-36323 PUBLISHED CVSS 9.1 CRITICAL

Reported by siemens · Published August 10, 2022

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

Risk Scores

CVSS 3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

VendorProductVersions
SiemensRUGGEDCOM RM1224 LTE(4G) EUAll versions < V7.1.2
SiemensRUGGEDCOM RM1224 LTE(4G) NAMAll versions < V7.1.2
SiemensSCALANCE M804PBAll versions < V7.1.2
SiemensSCALANCE M812-1 ADSL-Router (Annex A)All versions < V7.1.2
SiemensSCALANCE M812-1 ADSL-Router (Annex B)All versions < V7.1.2
SiemensSCALANCE M816-1 ADSL-Router (Annex A)All versions < V7.1.2
SiemensSCALANCE M816-1 ADSL-Router (Annex B)All versions < V7.1.2
SiemensSCALANCE M826-2 SHDSL-RouterAll versions < V7.1.2
SiemensSCALANCE M874-2All versions < V7.1.2
SiemensSCALANCE M874-3All versions < V7.1.2
SiemensSCALANCE M876-3 (EVDO)All versions < V7.1.2
SiemensSCALANCE M876-3 (ROK)All versions < V7.1.2
SiemensSCALANCE M876-4 (EU)All versions < V7.1.2
SiemensSCALANCE M876-4 (NAM)All versions < V7.1.2
SiemensSCALANCE MUM853-1 (EU)All versions < V7.1.2
SiemensSCALANCE MUM856-1 (EU)All versions < V7.1.2
SiemensSCALANCE MUM856-1 (RoW)All versions < V7.1.2
SiemensSCALANCE S615All versions < V7.1.2
SiemensSCALANCE SC622-2CAll versions < V2.3.1
SiemensSCALANCE SC626-2CAll versions < V2.3.1

…and 319 more

Timeline

  • Aug 10, 2022 CVE Published
  • May 20, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›