ID

VAR-202411-0486


CVE

CVE-2024-50557


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-012537

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device. 
Multiple Siemens products, such as RUGGEDCOM RM1224 LTE(4G) EU firmware, RUGGEDCOM RM1224 LTE(4G) NAM firmware, and SCALANCE M804PB firmware, have unspecified vulnerabilities. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers.

Trust: 2.16

sources: NVD: CVE-2024-50557 // JVNDB: JVNDB-2024-012537 // CNVD: CNVD-2024-45210

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-45210

AFFECTED PRODUCTS

vendor: siemens // model: scalance mum856-1 \ // scope: lt // version: 8.2

Trust: 5.0

vendor: siemens // model: scalance mum853-1 \ // scope: lt // version: 8.2

Trust: 3.0

vendor: Siemens // model: scalance m876-4 // scope: - // version: -

Trust: 2.4

vendor: Siemens // model: scalance mum853-1 // scope: - // version: -

Trust: 2.4

vendor: siemens // model: scalance m812-1 \ // scope: lt // version: 8.2

Trust: 2.0

vendor: siemens // model: scalance m816-1 \ // scope: lt // version: 8.2

Trust: 2.0

vendor: siemens // model: scalance m876-4 \ // scope: lt // version: 8.2

Trust: 2.0

vendor: Siemens // model: scalance m874-3 // scope: - // version: -

Trust: 1.6

vendor: Siemens // model: scalance m812-1 // scope: - // version: -

Trust: 1.6

vendor: Siemens // model: scalance m816-1 // scope: - // version: -

Trust: 1.6

vendor: Siemens // model: scalance m876-3 // scope: - // version: -

Trust: 1.6

vendor: siemens // model: scalance m876-3 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m804pb // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance s615 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m876-3 \ // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m826-2 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: ruggedcom rm1224 lte\ nam // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance s615 eec // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m874-2 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m874-3 \ // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: ruggedcom rm1224 lte\ eu // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m874-3 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m876-4 // scope: lt // version: 8.2

Trust: 1.0

vendor: Siemens // model: scalance mum856-1 // scope: - // version: -

Trust: 0.8

vendor: Siemens // model: scalance m874-2 // scope: - // version: -

Trust: 0.8

vendor: Siemens // model: ruggedcom rm1224 lte nam // scope: - // version: -

Trust: 0.8

vendor: Siemens // model: ruggedcom rm1224 lte eu // scope: - // version: -

Trust: 0.8

vendor: Siemens // model: scalance m804pb // scope: - // version: -

Trust: 0.8

vendor: Siemens // model: scalance m826-2 // scope: - // version: -

Trust: 0.8

vendor: siemens // model: scalance m-800 family // scope: lt // version: 8.2

Trust: 0.6

vendor: siemens // model: scalance s615 family // scope: lt // version: 8.2

Trust: 0.6

vendor: siemens // model: ruggedcom rm1224 family // scope: lt // version: 8.2

Trust: 0.6

vendor: siemens // model: scalance mum-800 family // scope: lt // version: 8.2

Trust: 0.6

sources: CNVD: CNVD-2024-45210 // JVNDB: JVNDB-2024-012537 // NVD: CVE-2024-50557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-50557
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2024-50557
value: HIGH

Trust: 1.0

NVD: CVE-2024-50557
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-45210
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-45210
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-50557
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-50557
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-50557
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-45210 // JVNDB: JVNDB-2024-012537 // NVD: CVE-2024-50557 // NVD: CVE-2024-50557

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [others]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012537 // NVD: CVE-2024-50557

PATCH

title: Patch for Multiple Siemens products have input validation errors (CNVD-2024-45210) // url: https://www.cnvd.org.cn/patchInfo/show/617361

Trust: 0.6

sources: CNVD: CNVD-2024-45210

EXTERNAL IDS

db: NVD // id: CVE-2024-50557

Trust: 3.2

db: SIEMENS // id: SSA-354112

Trust: 2.4

db: ICS CERT // id: ICSA-24-319-06

Trust: 0.8

db: JVN // id: JVNVU96191615

Trust: 0.8

db: JVNDB // id: JVNDB-2024-012537

Trust: 0.8

db: CNVD // id: CNVD-2024-45210

Trust: 0.6

sources: CNVD: CNVD-2024-45210 // JVNDB: JVNDB-2024-012537 // NVD: CVE-2024-50557

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu96191615/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50557

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06

Trust: 0.8

sources: CNVD: CNVD-2024-45210 // JVNDB: JVNDB-2024-012537 // NVD: CVE-2024-50557

SOURCES

db: CNVD // id: CNVD-2024-45210
db: JVNDB // id: JVNDB-2024-012537
db: NVD // id: CVE-2024-50557

LAST UPDATE DATE

2024-11-20T22:03:08.248000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2024-45210 // date: 2024-11-18T00:00:00
db: JVNDB // id: JVNDB-2024-012537 // date: 2024-11-19T06:02:00
db: NVD // id: CVE-2024-50557 // date: 2024-11-13T19:54:52.490

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2024-45210 // date: 2024-11-18T00:00:00
db: JVNDB // id: JVNDB-2024-012537 // date: 2024-11-14T00:00:00
db: NVD // id: CVE-2024-50557 // date: 2024-11-12T13:15:12.157