CVE-2024-50559

Name of the Vulnerable Software and Affected Versions RUGGEDCOM RM1224 LTE(4G) EU versions < V8.2 RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.2 SCALANCE M804PB versions < V8.2 SCALANCE M812-1 ADSL-Router versions < V8.2 SCALANCE M816-1 ADSL-Router versions < V8.2 SCALANCE M826-2 SHDSL-Router versions < V8.2 SCALANCE M874-2 versions < V8.2 SCALANCE M874-3 versions < V8.2 SCALANCE M874-3 3G-Router (CN) versions < V8.2 SCALANCE M876-3 versions < V8.2 SCALANCE M876-3 (ROK) versions < V8.2 SCALANCE M876-4 versions < V8.2 SCALANCE M876-4 (EU) versions < V8.2 SCALANCE M876-4 (NAM) versions < V8.2 SCALANCE MUM853-1 versions < V8.2 SCALANCE MUM856-1 versions < V8.2 SCALANCE S615 EEC LAN-Router versions < V8.2 SCALANCE S615 LAN-Router versions < V8.2

Description The affected devices do not properly validate the filenames of the certificate, which could allow an authenticated remote attacker to append arbitrary values, leading to a compromise of the system's integrity. This issue is related to incorrect restriction of the path name to a directory with limited access.

Recommendations For all versions < V8.2, update to version V8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Avoid using the vulnerable functionality until the issue is resolved. At the moment, there is no other information about additional mitigation measures.