VDB

CISA-2024-50557

CISA-2024-50557 PUBLISHED CVSS 7.2 HIGH

Reported by siemens · Published November 12, 2024

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

Risk Scores

CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SiemensRUGGEDCOM RM1224 LTE(4G) EU0
SiemensRUGGEDCOM RM1224 LTE(4G) NAM0
SiemensSCALANCE M804PB0
SiemensSCALANCE M812-1 ADSL-Router0
SiemensSCALANCE M812-1 ADSL-Router0
SiemensSCALANCE M816-1 ADSL-Router0
SiemensSCALANCE M816-1 ADSL-Router0
SiemensSCALANCE M826-2 SHDSL-Router0
SiemensSCALANCE M874-20
SiemensSCALANCE M874-30
SiemensSCALANCE M874-3 3G-Router (CN)0
SiemensSCALANCE M876-30
SiemensSCALANCE M876-3 (ROK)0
SiemensSCALANCE M876-40
SiemensSCALANCE M876-4 (EU)0
SiemensSCALANCE M876-4 (NAM)0
SiemensSCALANCE MUM853-1 (A1)0
SiemensSCALANCE MUM853-1 (B1)0
SiemensSCALANCE MUM853-1 (EU)0
SiemensSCALANCE MUM856-1 (A1)0

…and 47 more

Timeline

  • Nov 12, 2024 CVE Published
  • Nov 20, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›