ID

VAR-202411-0487


CVE

CVE-2024-50558


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-012495

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition. 
Multiple Siemens products, such as the ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware and scalance m804pb firmware, have unspecified vulnerabilities. A service interruption (DoS) may result. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers.

Trust: 2.16

sources: NVD: CVE-2024-50558 // JVNDB: JVNDB-2024-012495 // CNVD: CNVD-2024-45209

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-45209

AFFECTED PRODUCTS

vendor:siemensmodel:scalance mum856-1 \scope:ltversion:8.2

Trust: 5.0

vendor:siemensmodel:scalance mum853-1 \scope:ltversion:8.2

Trust: 3.0

vendor:シーメンスmodel:scalance m876-4scope: - version: -

Trust: 2.4

vendor:シーメンスmodel:scalance mum853-1scope: - version: -

Trust: 2.4

vendor:siemensmodel:scalance m812-1 \scope:ltversion:8.2

Trust: 2.0

vendor:siemensmodel:scalance m816-1 \scope:ltversion:8.2

Trust: 2.0

vendor:siemensmodel:scalance m876-4 \scope:ltversion:8.2

Trust: 2.0

vendor:シーメンスmodel:scalance m874-3scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance m812-1scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance m816-1scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance m876-3scope: - version: -

Trust: 1.6

vendor:siemensmodel:scalance m876-3scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m804pbscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance s615scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m876-3 \scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m826-2scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224 lte\ namscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance s615 eecscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m874-2scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m874-3 \scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224 lte\ euscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m874-3scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m876-4scope:ltversion:8.2

Trust: 1.0

vendor:シーメンスmodel:scalance mum856-1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m874-2scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rm1224 lte namscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rm1224 lte euscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m804pbscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m826-2scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance m-800 familyscope:ltversion:8.2

Trust: 0.6

vendor:siemensmodel:scalance s615 familyscope:ltversion:8.2

Trust: 0.6

vendor:siemensmodel:ruggedcom rm1224 familyscope:ltversion:8.2

Trust: 0.6

vendor:siemensmodel:scalance mum-800 familyscope:ltversion:8.2

Trust: 0.6

sources: CNVD: CNVD-2024-45209 // JVNDB: JVNDB-2024-012495 // NVD: CVE-2024-50558

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-50558
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-012495
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-45209
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-45209
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-50558
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-012495
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-45209 // JVNDB: JVNDB-2024-012495 // NVD: CVE-2024-50558

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012495 // NVD: CVE-2024-50558

PATCH

title: Patch for Multiple Siemens products have access control errors (CNVD-2024-45209)
url: https://www.cnvd.org.cn/patchInfo/show/617356

Trust: 0.6

sources: CNVD: CNVD-2024-45209

EXTERNAL IDS

db:NVDid:CVE-2024-50558

Trust: 3.2

db:SIEMENSid:SSA-354112

Trust: 2.4

db:ICS CERTid:ICSA-24-319-06

Trust: 0.8

db:JVNid:JVNVU96191615

Trust: 0.8

db:JVNDBid:JVNDB-2024-012495

Trust: 0.8

db:CNVDid:CNVD-2024-45209

Trust: 0.6

sources: CNVD: CNVD-2024-45209 // JVNDB: JVNDB-2024-012495 // NVD: CVE-2024-50558

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu96191615/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50558

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06

Trust: 0.8

sources: CNVD: CNVD-2024-45209 // JVNDB: JVNDB-2024-012495 // NVD: CVE-2024-50558

SOURCES

db:CNVDid:CNVD-2024-45209
db:JVNDBid:JVNDB-2024-012495
db:NVDid:CVE-2024-50558

LAST UPDATE DATE

2024-11-20T20:36:16.657000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-45209date:2024-11-18T00:00:00
db:JVNDBid:JVNDB-2024-012495date:2024-11-19T06:07:00
db:NVDid:CVE-2024-50558date:2024-11-13T19:55:25.200

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-45209date:2024-11-18T00:00:00
db:JVNDBid:JVNDB-2024-012495date:2024-11-14T00:00:00
db:NVDid:CVE-2024-50558date:2024-11-12T13:15:12.403