PT-2024-8714 · Siemens · Scalance M812-1 Adsl-Router+15
Published
2024-11-12
·
Updated
2024-11-13
·
CVE-2024-50572
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
RUGGEDCOM RM1224 LTE(4G) EU versions prior to V8.2
RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V8.2
SCALANCE M804PB versions prior to V8.2
SCALANCE M812-1 ADSL-Router versions prior to V8.2
SCALANCE M816-1 ADSL-Router versions prior to V8.2
SCALANCE M826-2 SHDSL-Router versions prior to V8.2
SCALANCE M874-2 versions prior to V8.2
SCALANCE M874-3 versions prior to V8.2
SCALANCE M874-3 3G-Router (CN) versions prior to V8.2
SCALANCE M876-3 versions prior to V8.2
SCALANCE M876-3 (ROK) versions prior to V8.2
SCALANCE M876-4 versions prior to V8.2
SCALANCE M876-4 (EU) versions prior to V8.2
SCALANCE M876-4 (NAM) versions prior to V8.2
SCALANCE MUM853-1 (A1) versions prior to V8.2
SCALANCE MUM853-1 (B1) versions prior to V8.2
SCALANCE MUM853-1 (EU) versions prior to V8.2
SCALANCE MUM856-1 (A1) versions prior to V8.2
SCALANCE MUM856-1 (B1) versions prior to V8.2
SCALANCE MUM856-1 (CN) versions prior to V8.2
SCALANCE MUM856-1 (EU) versions prior to V8.2
SCALANCE MUM856-1 (RoW) versions prior to V8.2
SCALANCE S615 EEC LAN-Router versions prior to V8.2
SCALANCE S615 LAN-Router versions prior to V8.2
SCALANCE WAB762-1 versions prior to V3.0.0
SCALANCE WAM763-1 versions prior to V3.0.0
SCALANCE WAM763-1 (ME) versions prior to V3.0.0
SCALANCE WAM763-1 (US) versions prior to V3.0.0
SCALANCE WAM766-1 versions prior to V3.0.0
SCALANCE WAM766-1 (ME) versions prior to V3.0.0
SCALANCE WAM766-1 (US) versions prior to V3.0.0
SCALANCE WAM766-1 EEC versions prior to V3.0.0
SCALANCE WAM766-1 EEC (ME) versions prior to V3.0.0
SCALANCE WAM766-1 EEC (US) versions prior to V3.0.0
SCALANCE WUB762-1 versions prior to V3.0.0
SCALANCE WUB762-1 iFeatures versions prior to V3.0.0
SCALANCE WUM763-1 versions prior to V3.0.0
SCALANCE WUM763-1 (US) versions prior to V3.0.0
SCALANCE WUM766-1 versions prior to V3.0.0
SCALANCE WUM766-1 (ME) versions prior to V3.0.0
SCALANCE WUM766-1 (USA) versions prior to V3.0.0
Description
The issue is related to insufficient input validation in the software of various SCALANCE and RUGGEDCOM devices. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
Recommendations
Update RUGGEDCOM RM1224 LTE(4G) EU to version V8.2 or newer.
Update RUGGEDCOM RM1224 LTE(4G) NAM to version V8.2 or newer.
Update SCALANCE M804PB to version V8.2 or newer.
Update SCALANCE M812-1 ADSL-Router to version V8.2 or newer.
Update SCALANCE M816-1 ADSL-Router to version V8.2 or newer.
Update SCALANCE M826-2 SHDSL-Router to version V8.2 or newer.
Update SCALANCE M874-2 to version V8.2 or newer.
Update SCALANCE M874-3 to version V8.2 or newer.
Update SCALANCE M874-3 3G-Router (CN) to version V8.2 or newer.
Update SCALANCE M876-3 to version V8.2 or newer.
Update SCALANCE M876-3 (ROK) to version V8.2 or newer.
Update SCALANCE M876-4 to version V8.2 or newer.
Update SCALANCE M876-4 (EU) to version V8.2 or newer.
Update SCALANCE M876-4 (NAM) to version V8.2 or newer.
Update SCALANCE MUM853-1 (A1) to version V8.2 or newer.
Update SCALANCE MUM853-1 (B1) to version V8.2 or newer.
Update SCALANCE MUM853-1 (EU) to version V8.2 or newer.
Update SCALANCE MUM856-1 (A1) to version V8.2 or newer.
Update SCALANCE MUM856-1 (B1) to version V8.2 or newer.
Update SCALANCE MUM856-1 (CN) to version V8.2 or newer.
Update SCALANCE MUM856-1 (EU) to version V8.2 or newer.
Update SCALANCE MUM856-1 (RoW) to version V8.2 or newer.
Update SCALANCE S615 EEC LAN-Router to version V8.2 or newer.
Update SCALANCE S615 LAN-Router to version V8.2 or newer.
Update SCALANCE WAB762-1 to version V3.0.0 or newer.
Update SCALANCE WAM763-1 to version V3.0.0 or newer.
Update SCALANCE WAM763-1 (ME) to version V3.0.0 or newer.
Update SCALANCE WAM763-1 (US) to version V3.0.0 or newer.
Update SCALANCE WAM766-1 to version V3.0.0 or newer.
Update SCALANCE WAM766-1 (ME) to version V3.0.0 or newer.
Update SCALANCE WAM766-1 (US) to version V3.0.0 or newer.
Update SCALANCE WAM766-1 EEC to version V3.0.0 or newer.
Update SCALANCE WAM766-1 EEC (ME) to version V3.0.0 or newer.
Update SCALANCE WAM766-1 EEC (US) to version V3.0.0 or newer.
Update SCALANCE WUB762-1 to version V3.0.0 or newer.
Update SCALANCE WUB762-1 iFeatures to version V3.0.0 or newer.
Update SCALANCE WUM763-1 to version V3.0.0 or newer.
Update SCALANCE WUM763-1 (US) to version V3.0.0 or newer.
Update SCALANCE WUM766-1 to version V3.0.0 or newer.
Update SCALANCE WUM766-1 (ME) to version V3.0.0 or newer.
Update SCALANCE WUM766-1 (USA) to version V3.0.0 or newer.
Fix
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ruggedcom Rm1224
Scalance M804Pb
Scalance M812-1 Adsl-Router
Scalance M816-1 Adsl-Router
Scalance M826-2 Shdsl-Router
Scalance M874-2
Scalance M874-3
Scalance M874-3 3G-Router
Scalance M876-3
Scalance M876-4
Scalance Mum853-1
Scalance Mum856-1
Scalance S615
Scalance Wab762-1
Scalance Wam763-1
Scalance Wam766-1