Martin Grubhofer

Researcher from Siemens Energy
#30585 of 53,633
8.6 Total CVSS
Vulnerabilities · 1
PT-2022-5344
8.6
2022-10-11
Siemens · Scalance M812-1 · CVE-2022-31766
**Name of the Vulnerable Software and Affected Versions**

- RUGGEDCOM RM1224 LTE(4G) EU versions prior to V7.1.2
- RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V7.1.2
- SCALANCE M804PB versions prior to V7.1.2
- SCALANCE M812-1 ADSL-Router versions prior to V7.1.2
- SCALANCE M816-1 ADSL-Router versions prior to V7.1.2
- SCALANCE M826-2 SHDSL-Router versions prior to V7.1.2
- SCALANCE M874-2 versions prior to V7.1.2
- SCALANCE M874-3 versions prior to V7.1.2
- SCALANCE M876-3 versions prior to V7.1.2
- SCALANCE M876-4 versions prior to V7.1.2
- SCALANCE MUM853-1 versions prior to V7.1.2
- SCALANCE MUM856-1 versions prior to V7.1.2
- SCALANCE S615 versions prior to V7.1.2
- SCALANCE WAM763-1 versions V1.1.0 through V2.9.9
- SCALANCE WAM766-1 versions V1.1.0 through V2.9.9
- SCALANCE WUM763-1 versions V1.1.0 through V2.9.9
- SCALANCE WUM766-1 versions V1.1.0 through V2.9.9

**Description**

The issue exists due to insufficient input validation in the software of certain Siemens routers and access points. Affected devices with the TCP Event service enabled do not properly handle malformed packets. This could allow a remote attacker to cause a denial of service condition and reboot the device, potentially affecting other network resources.

**Recommendations**

- For RUGGEDCOM RM1224 LTE(4G) EU versions prior to V7.1.2, update to version V7.1.2 or later.
- For RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M804PB versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M812-1 ADSL-Router versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M816-1 ADSL-Router versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M826-2 SHDSL-Router versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M874-2 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M874-3 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M876-3 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE M876-4 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE MUM853-1 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE MUM856-1 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE S615 versions prior to V7.1.2, update to version V7.1.2 or later.
- For SCALANCE WAM763-1 versions V1.1.0 through V2.9.9, update to version V3.0.0 or later.
- For SCALANCE WAM766-1 versions V1.1.0 through V2.9.9, update to version V3.0.0 or later.
- For SCALANCE WUM763-1 versions V1.1.0 through V2.9.9, update to version V3.0.0 or later.
- For SCALANCE WUM766-1 versions V1.1.0 through V2.9.9, update to version V3.0.0 or later.

As a temporary workaround, consider disabling the TCP Event service until a patch is available.