ID

VAR-202210-0430


CVE

CVE-2022-31766


TITLE

Siemens RUGGEDCOM RM1224 Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE S615 EEC (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (US) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (US) (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (US) (All versions >= V1.1.0 < V2.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.

Trust: 1.0

sources: NVD: CVE-2022-31766

AFFECTED PRODUCTS

vendor:siemensmodel:scalance m874-2scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance wam766-1scope:gteversion:1.1.0

Trust: 1.0

vendor:siemensmodel:scalance m804pbscope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance mum856-1scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance wum763-1scope:gteversion:1.1.0

Trust: 1.0

vendor:siemensmodel:scalance m874-3scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance m876-3scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance mum853-1scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance m826-2scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance m812-1scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance wam763-1scope:gteversion:1.1.0

Trust: 1.0

vendor:siemensmodel:scalance s615scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance wum766-1scope:gteversion:1.1.0

Trust: 1.0

vendor:siemensmodel:scalance m816-1scope:ltversion:7.1.2

Trust: 1.0

vendor:siemensmodel:scalance m876-4scope:ltversion:7.1.2

Trust: 1.0

sources: NVD: CVE-2022-31766

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2022-31766
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-31766
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-395
value: HIGH

Trust: 0.6

productcert@siemens.com: CVE-2022-31766
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202210-395 // NVD: CVE-2022-31766 // NVD: CVE-2022-31766

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2022-31766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

PATCH

title:Siemens RUGGEDCOM RM1224 Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=210522

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

EXTERNAL IDS

db:NVDid:CVE-2022-31766

Trust: 1.6

db:SIEMENSid:SSA-697140

Trust: 1.6

db:ICS CERTid:ICSA-22-286-08

Trust: 0.6

db:AUSCERTid:ESB-2022.5100

Trust: 0.6

db:CNNVDid:CNNVD-202210-395

Trust: 0.6

sources: CNNVD: CNNVD-202210-395 // NVD: CVE-2022-31766

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf

Trust: 1.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-286-08

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5100

Trust: 0.6

url:https://vigilance.fr/vulnerability/ruggedcom-rm1224-denial-of-service-via-tcp-event-service-39512

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-31766/

Trust: 0.6

sources: CNNVD: CNNVD-202210-395 // NVD: CVE-2022-31766

CREDITS

Martin Grubhofer and Michael Messner of Siemens Energy reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

SOURCES

db:CNNVDid:CNNVD-202210-395
db:NVDid:CVE-2022-31766

LAST UPDATE DATE

2024-08-14T13:42:20.454000+00:00


SOURCES UPDATE DATE

db:CNNVDid:CNNVD-202210-395date:2023-03-15T00:00:00
db:NVDid:CVE-2022-31766date:2023-11-07T03:47:41.190

SOURCES RELEASE DATE

db:CNNVDid:CNNVD-202210-395date:2022-10-11T00:00:00
db:NVDid:CVE-2022-31766date:2022-10-11T11:15:09.810