Details of VAR-202210-0430

ID

VAR-202210-0430

CVE

CVE-2022-31766

TITLE

Siemens RUGGEDCOM RM1224 Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE S615 EEC (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (US) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (US) (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (US) (All versions >= V1.1.0 < V2.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.

Trust: 1.0

sources: NVD: CVE-2022-31766

AFFECTED PRODUCTS

vendor:	siemens	model:	scalance m874-2	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	ruggedcom rm1224	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance wam766-1	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	siemens	model:	scalance m804pb	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance mum856-1	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance wum763-1	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	siemens	model:	scalance m874-3	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance m876-3	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance mum853-1	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance m826-2	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance m812-1	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance wam763-1	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	siemens	model:	scalance s615	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance wum766-1	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	siemens	model:	scalance m816-1	scope:	lt	version:	7.1.2	Trust: 1.0
vendor:	siemens	model:	scalance m876-4	scope:	lt	version:	7.1.2	Trust: 1.0

sources: NVD: CVE-2022-31766

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2022-31766
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2022-31766
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202210-395
value:	HIGH
Trust: 0.6

productcert@siemens.com:	CVE-2022-31766
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0

sources: CNNVD: CNNVD-202210-395 // NVD: CVE-2022-31766 // NVD: CVE-2022-31766

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.0

sources: NVD: CVE-2022-31766

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

PATCH

title:

Siemens RUGGEDCOM RM1224 Enter the fix for the verification error vulnerability

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=210522

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

EXTERNAL IDS

db:	NVD	id:	CVE-2022-31766	Trust: 1.6
db:	SIEMENS	id:	SSA-697140	Trust: 1.6
db:	ICS CERT	id:	ICSA-22-286-08	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5100	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-395	Trust: 0.6

sources: CNNVD: CNNVD-202210-395 // NVD: CVE-2022-31766

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf	Trust: 1.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-286-08	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5100	Trust: 0.6
url:	https://vigilance.fr/vulnerability/ruggedcom-rm1224-denial-of-service-via-tcp-event-service-39512	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-31766/	Trust: 0.6

sources: CNNVD: CNNVD-202210-395 // NVD: CVE-2022-31766

CREDITS

Martin Grubhofer and Michael Messner of Siemens Energy reported this vulnerability to Siemens.

Trust: 0.6

sources: CNNVD: CNNVD-202210-395

SOURCES

db:	CNNVD	id:	CNNVD-202210-395
db:	NVD	id:	CVE-2022-31766

LAST UPDATE DATE

2024-08-14T13:42:20.454000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202210-395	date:	2023-03-15T00:00:00
db:	NVD	id:	CVE-2022-31766	date:	2023-11-07T03:47:41.190

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202210-395	date:	2022-10-11T00:00:00
db:	NVD	id:	CVE-2022-31766	date:	2022-10-11T11:15:09.810