ID

VAR-202407-0079


CVE

CVE-2024-5594


TITLE

Multiple Siemens products log output and error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-45211

DESCRIPTION

SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. Multiple Siemens products have a log output neutralization error vulnerability that can be exploited by attackers to send spam to the openvpn log, causing high CPU load.

==========================================================================
Ubuntu Security Notice USN-6860-1
July 02, 2024

openvpn vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenVPN.

Software Description:

- openvpn: virtual private network software

Details:

Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. (CVE-2024-28882)

Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  openvpn 2.6.9-1ubuntu4.1

Ubuntu 23.10
  openvpn 2.6.5-0ubuntu1.2

Ubuntu 22.04 LTS
  openvpn 2.5.9-0ubuntu0.22.04.3

Ubuntu 20.04 LTS
  openvpn 2.4.12-0ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6860-1
  CVE-2024-28882, CVE-2024-5594

Package Information:
  https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1
  https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2
  https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3
  https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2

Trust: 0.63

sources: CNVD: CNVD-2024-45211 // PACKETSTORM: 179338

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-45211

AFFECTED PRODUCTS

vendor: siemens, model: scalance m-800 family, scope: lt, version: 8.2

Trust: 0.6

vendor: siemens, model: scalance s615 family, scope: lt, version: 8.2

Trust: 0.6

vendor: siemens, model: ruggedcom rm1224 family, scope: lt, version: 8.2

Trust: 0.6

vendor: siemens, model: scalance mum-800 family, scope: lt, version: 8.2

Trust: 0.6

sources: CNVD: CNVD-2024-45211

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2024-45211
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-45211
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2024-45211

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 179338

PATCH

title: Patch for Multiple Siemens products log output and error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/617366

Trust: 0.6

sources: CNVD: CNVD-2024-45211

EXTERNAL IDS

db: NVD, id: CVE-2024-5594

Trust: 0.7

db: SIEMENS, id: SSA-354112

Trust: 0.6

db: CNVD, id: CNVD-2024-45211

Trust: 0.6

db: PACKETSTORM, id: 179338

Trust: 0.1

sources: CNVD: CNVD-2024-45211 // PACKETSTORM: 179338

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Trust: 0.6

url:https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-5594

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6860-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2024-28882

Trust: 0.1

sources: CNVD: CNVD-2024-45211 // PACKETSTORM: 179338

CREDITS

Ubuntu

Trust: 0.1

sources: PACKETSTORM: 179338

SOURCES

db: CNVD, id: CNVD-2024-45211
db: PACKETSTORM, id: 179338

LAST UPDATE DATE

2024-11-20T19:36:05.756000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-45211, date: 2024-11-18T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-45211, date: 2024-11-18T00:00:00
db: PACKETSTORM, id: 179338, date: 2024-07-03T15:08:36