ID
VAR-202210-0430
CVE
CVE-2022-31766
TITLE
Siemens RUGGEDCOM RM1224 Input validation error vulnerability
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.1.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.1.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.1.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.1.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.1.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.1.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.1.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions >= V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.
Trust: 1.0
IOT TAXONOMY
| category: | ['network device'] | sub_category: | router | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | scalance wam763-1 | scope: | gte | version: | 1.1.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m874-2 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | ruggedcom rm1224 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m804pb | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m876-3 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance mum856-1 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m876-4 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance wum763-1 | scope: | gte | version: | 1.1.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance wum766-1 | scope: | gte | version: | 1.1.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m826-2 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance wam766-1 | scope: | gte | version: | 1.1.0 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m874-3 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance mum853-1 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m812-1 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance s615 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
| vendor: | siemens | model: | scalance m816-1 | scope: | lt | version: | 7.1.2 | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation error
Trust: 0.6
PATCH
| title: | Siemens RUGGEDCOM RM1224 Enter the fix for the verification error vulnerability | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=210522 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-31766 | Trust: 1.7 |
| db: | SIEMENS | id: | SSA-697140 | Trust: 1.6 |
| db: | ICS CERT | id: | ICSA-22-286-08 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2022.5100 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202210-395 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf | Trust: 1.6 |
| url: | https://cert-portal.siemens.com/productcert/html/ssa-697140.html | Trust: 1.0 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-22-286-08 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.5100 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/ruggedcom-rm1224-denial-of-service-via-tcp-event-service-39512 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-31766/ | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
CREDITS
Martin Grubhofer and Michael Messner of Siemens Energy reported this vulnerability to Siemens.
Trust: 0.6
SOURCES
| db: | OTHER | id: | - |
| db: | CNNVD | id: | CNNVD-202210-395 |
| db: | NVD | id: | CVE-2022-31766 |
LAST UPDATE DATE
2025-02-11T21:47:50.512000+00:00
SOURCES UPDATE DATE
| db: | CNNVD | id: | CNNVD-202210-395 | date: | 2023-03-15T00:00:00 |
| db: | NVD | id: | CVE-2022-31766 | date: | 2025-02-11T11:15:11.210 |
SOURCES RELEASE DATE
| db: | CNNVD | id: | CNNVD-202210-395 | date: | 2022-10-11T00:00:00 |
| db: | NVD | id: | CVE-2022-31766 | date: | 2022-10-11T11:15:09.810 |