SSA-280834 — Vulnetix

SSA-280834 PUBLISHED CVSS 3.700000047683716 LOW

Affected devices improperly validate usernames during OpenVPN authentication. This could allow an attacker to get partial invalid usernames accepted by the server.

Risk Scores

CVSS 3.1

3.700000047683716

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Siemens	SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
Siemens	SCALANCE SC622-2C (6GK5622-2GS00-2AC2)
Siemens	SCALANCE M876-3 (6GK5876-3AA02-2BA2)
Siemens	SCALANCE M874-2 (6GK5874-2AA00-2AA2)
Siemens	SCALANCE SC-600 family
Siemens	SCALANCE M816-1 ADSL-Router family
Siemens	SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
Siemens	SCALANCE SC646-2C (6GK5646-2GS00-2AC2)
Siemens	SCALANCE SC626-2C (6GK5626-2GS00-2AC2)
Siemens	SCALANCE M874-3 (6GK5874-3AA00-2AA2)
Siemens	SCALANCE SC632-2C (6GK5632-2GS00-2AC2)
Siemens	SCALANCE M804PB (6GK5804-0AP00-2AA2)
Siemens	SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
Siemens	SCALANCE SC636-2C (6GK5636-2GS00-2AC2)
Siemens	SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
Siemens	SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
Siemens	SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
Siemens	SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1)
Siemens	SCALANCE M812-1 ADSL-Router family
Siemens	SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)

…and 13 more

Timeline

Mar 11, 2025 CVE Published
May 12, 2026 CVE Updated

References

Open in Interactive Console →