PT-2025-10727 · Siemens · Scalance Mum853-1+15

Published

2025-03-11

Updated

2025-03-11

CVE-2025-23384

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions RUGGEDCOM RM1224 LTE(4G) EU versions < V8.2.1 RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.2.1 SCALANCE M804PB versions < V8.2.1 SCALANCE M812-1 ADSL-Router family versions < V8.2.1 SCALANCE M816-1 ADSL-Router family versions < V8.2.1 SCALANCE M826-2 SHDSL-Router versions < V8.2.1 SCALANCE M874-2 versions < V8.2.1 SCALANCE M874-3 versions < V8.2.1 SCALANCE M874-3 3G-Router (CN) versions < V8.2.1 SCALANCE M876-3 versions < V8.2.1 SCALANCE M876-3 (ROK) versions < V8.2.1 SCALANCE M876-4 versions < V8.2.1 SCALANCE M876-4 (EU) versions < V8.2.1 SCALANCE M876-4 (NAM) versions < V8.2.1 SCALANCE MUB852-1 (A1) versions < V8.2.1 SCALANCE MUB852-1 (B1) versions < V8.2.1 SCALANCE MUM853-1 (A1) versions < V8.2.1 SCALANCE MUM853-1 (B1) versions < V8.2.1 SCALANCE MUM853-1 (EU) versions < V8.2.1 SCALANCE MUM856-1 (A1) versions < V8.2.1 SCALANCE MUM856-1 (B1) versions < V8.2.1 SCALANCE MUM856-1 (CN) versions < V8.2.1 SCALANCE MUM856-1 (EU) versions < V8.2.1 SCALANCE MUM856-1 (RoW) versions < V8.2.1 SCALANCE S615 EEC LAN-Router versions < V8.2.1 SCALANCE S615 LAN-Router versions < V8.2.1 SCALANCE SC-600 family versions < V8.2.1

Description The affected devices improperly validate usernames during OpenVPN authentication. This could allow an attacker to get partial invalid usernames accepted by the server.

Recommendations Update RUGGEDCOM RM1224 LTE(4G) EU to version V8.2.1 or later. Update RUGGEDCOM RM1224 LTE(4G) NAM to version V8.2.1 or later. Update SCALANCE M804PB to version V8.2.1 or later. Update SCALANCE M812-1 ADSL-Router family to version V8.2.1 or later. Update SCALANCE M816-1 ADSL-Router family to version V8.2.1 or later. Update SCALANCE M826-2 SHDSL-Router to version V8.2.1 or later. Update SCALANCE M874-2 to version V8.2.1 or later. Update SCALANCE M874-3 to version V8.2.1 or later. Update SCALANCE M874-3 3G-Router (CN) to version V8.2.1 or later. Update SCALANCE M876-3 to version V8.2.1 or later. Update SCALANCE M876-3 (ROK) to version V8.2.1 or later. Update SCALANCE M876-4 to version V8.2.1 or later. Update SCALANCE M876-4 (EU) to version V8.2.1 or later. Update SCALANCE M876-4 (NAM) to version V8.2.1 or later. Update SCALANCE MUB852-1 (A1) to version V8.2.1 or later. Update SCALANCE MUB852-1 (B1) to version V8.2.1 or later. Update SCALANCE MUM853-1 (A1) to version V8.2.1 or later. Update SCALANCE MUM853-1 (B1) to version V8.2.1 or later. Update SCALANCE MUM853-1 (EU) to version V8.2.1 or later. Update SCALANCE MUM856-1 (A1) to version V8.2.1 or later. Update SCALANCE MUM856-1 (B1) to version V8.2.1 or later. Update SCALANCE MUM856-1 (CN) to version V8.2.1 or later. Update SCALANCE MUM856-1 (EU) to version V8.2.1 or later. Update SCALANCE MUM856-1 (RoW) to version V8.2.1 or later. Update SCALANCE S615 EEC LAN-Router to version V8.2.1 or later. Update SCALANCE S615 LAN-Router to version V8.2.1 or later. Update SCALANCE SC-600 family to version V8.2.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-187

Related Identifiers

BDU:2025-02900

CVE-2025-23384

Affected Products

Ruggedcom Rm1224 Lte(4G) Eu

Ruggedcom Rm1224 Lte(4G) Nam

Scalance M804Pb

Scalance M812-1 Adsl-Router Family

Scalance M816-1 Adsl-Router Family

Scalance M826-2 Shdsl-Router

Scalance M874-2

Scalance M874-3

Scalance M874-3 3G-Router

Scalance M876-3

Scalance M876-4

Scalance Mub852-1

Scalance Mum853-1

Scalance Mum856-1

Scalance S615 Eec Lan-Router

Scalance Sc-600 Family

PT-2025-10727 · Siemens · Scalance Mum853-1+15

CVE-2025-23384

Weakness Enumeration

Related Identifiers

Affected Products

References · 5