ID

VAR-202411-0488


CVE

CVE-2024-50560


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-012574

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices truncate usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.
Multiple Siemens products, such as RUGGEDCOM RM1224 LTE(4G) EU firmware, RUGGEDCOM RM1224 LTE(4G) NAM firmware and SCALANCE M804PB, have unspecified vulnerabilities. Information may be tampered with. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. Multiple Siemens products have input validation errors that can be exploited by attackers to compromise system integrity.

Trust: 2.16

sources: NVD: CVE-2024-50560 // JVNDB: JVNDB-2024-012574 // CNVD: CNVD-2024-44937

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-44937

AFFECTED PRODUCTS

vendor: siemens | model: scalance mum856-1 \ | scope: lt | version: 8.2

Trust: 5.0

vendor: siemens | model: scalance mum853-1 \ | scope: lt | version: 8.2

Trust: 3.0

vendor: シーメンス | model: scalance m876-4 | scope: - | version: -

Trust: 2.4

vendor: シーメンス | model: scalance mum853-1 | scope: - | version: -

Trust: 2.4

vendor: siemens | model: scalance m812-1 \ | scope: lt | version: 8.2

Trust: 2.0

vendor: siemens | model: scalance m816-1 \ | scope: lt | version: 8.2

Trust: 2.0

vendor: siemens | model: scalance m876-4 \ | scope: lt | version: 8.2

Trust: 2.0

vendor: シーメンス | model: scalance m874-3 | scope: - | version: -

Trust: 1.6

vendor: シーメンス | model: scalance m812-1 | scope: - | version: -

Trust: 1.6

vendor: シーメンス | model: scalance m816-1 | scope: - | version: -

Trust: 1.6

vendor: シーメンス | model: scalance m876-3 | scope: - | version: -

Trust: 1.6

vendor: siemens | model: scalance m876-3 | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m804pb | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance s615 | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m876-3 \ | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m826-2 | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: ruggedcom rm1224 lte\ nam | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance s615 eec | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m874-2 | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m874-3 \ | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: ruggedcom rm1224 lte\ eu | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m874-3 | scope: lt | version: 8.2

Trust: 1.0

vendor: siemens | model: scalance m876-4 | scope: lt | version: 8.2

Trust: 1.0

vendor: シーメンス | model: scalance mum856-1 | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: scalance m874-2 | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: ruggedcom rm1224 lte nam | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: ruggedcom rm1224 lte eu | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: scalance m804pb | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: scalance m826-2 | scope: - | version: -

Trust: 0.8

vendor: siemens | model: scalance m-800 family | scope: lt | version: 8.2

Trust: 0.6

vendor: siemens | model: scalance s615 family | scope: lt | version: 8.2

Trust: 0.6

vendor: siemens | model: ruggedcom rm1224 family | scope: lt | version: 8.2

Trust: 0.6

vendor: siemens | model: scalance mum-800 family | scope: lt | version: 8.2

Trust: 0.6

sources: CNVD: CNVD-2024-44937 // JVNDB: JVNDB-2024-012574 // NVD: CVE-2024-50560

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-50560
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-50560
value: LOW

Trust: 1.0

NVD: CVE-2024-50560
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-44937
value: LOW

Trust: 0.6

CNVD: CNVD-2024-44937
severity: LOW
baseScore: 2.1
vectorString: AV:N/AC:H/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-50560
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-50560
baseSeverity: LOW
baseScore: 3.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-50560
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-44937 // JVNDB: JVNDB-2024-012574 // NVD: CVE-2024-50560 // NVD: CVE-2024-50560

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Improper input validation (CWE-20) [other]

Trust: 0.8

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012574 // NVD: CVE-2024-50560

PATCH

title: Patch for Multiple Siemens products have input validation errors (CNVD-2024-44937) | url: https://www.cnvd.org.cn/patchInfo/show/617346

Trust: 0.6

sources: CNVD: CNVD-2024-44937

EXTERNAL IDS

db: NVD | id: CVE-2024-50560

Trust: 3.2

db: SIEMENS | id: SSA-354112

Trust: 2.4

db: ICS CERT | id: ICSA-24-319-06

Trust: 0.8

db: JVN | id: JVNVU96191615

Trust: 0.8

db: JVNDB | id: JVNDB-2024-012574

Trust: 0.8

db: CNVD | id: CNVD-2024-44937

Trust: 0.6

sources: CNVD: CNVD-2024-44937 // JVNDB: JVNDB-2024-012574 // NVD: CVE-2024-50560

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu96191615/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50560

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06

Trust: 0.8

sources: CNVD: CNVD-2024-44937 // JVNDB: JVNDB-2024-012574 // NVD: CVE-2024-50560

SOURCES

db: CNVD | id: CNVD-2024-44937
db: JVNDB | id: JVNDB-2024-012574
db: NVD | id: CVE-2024-50560

LAST UPDATE DATE

2024-11-20T21:29:41.909000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2024-44937 | date: 2024-11-14T00:00:00
db: JVNDB | id: JVNDB-2024-012574 | date: 2024-11-19T05:58:00
db: NVD | id: CVE-2024-50560 | date: 2024-11-13T19:57:26.073

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2024-44937 | date: 2024-11-14T00:00:00
db: JVNDB | id: JVNDB-2024-012574 | date: 2024-11-14T00:00:00
db: NVD | id: CVE-2024-50560 | date: 2024-11-12T13:15:12.913