Sign-up

ID

VAR-202411-0489


CVE

CVE-2024-50561


TITLE

Cross-site scripting vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-012536

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system. ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, scalance m804pb Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers. A cross-site scripting vulnerability exists in several Siemens products, which can be exploited by attackers to compromise the integrity of the system

Trust: 2.16

sources: NVD: CVE-2024-50561 // JVNDB: JVNDB-2024-012536 // CNVD: CNVD-2024-44936

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-44936

AFFECTED PRODUCTS

vendor:siemensmodel:scalance mum856-1 \scope:ltversion:8.2

Trust: 5.0

vendor:siemensmodel:scalance mum853-1 \scope:ltversion:8.2

Trust: 3.0

vendor:シーメンスmodel:scalance m876-4scope: - version: -

Trust: 2.4

vendor:シーメンスmodel:scalance mum853-1scope: - version: -

Trust: 2.4

vendor:siemensmodel:scalance m812-1 \scope:ltversion:8.2

Trust: 2.0

vendor:siemensmodel:scalance m816-1 \scope:ltversion:8.2

Trust: 2.0

vendor:siemensmodel:scalance m876-4 \scope:ltversion:8.2

Trust: 2.0

vendor:シーメンスmodel:scalance m874-3scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance m812-1scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance m816-1scope: - version: -

Trust: 1.6

vendor:シーメンスmodel:scalance m876-3scope: - version: -

Trust: 1.6

vendor:siemensmodel:scalance m876-3scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m804pbscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance s615scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m876-3 \scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m826-2scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224 lte\ namscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance s615 eecscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m874-2scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m874-3 \scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:ruggedcom rm1224 lte\ euscope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m874-3scope:ltversion:8.2

Trust: 1.0

vendor:siemensmodel:scalance m876-4scope:ltversion:8.2

Trust: 1.0

vendor:シーメンスmodel:scalance mum856-1scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m874-2scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rm1224 lte namscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:ruggedcom rm1224 lte euscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m804pbscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:scalance m826-2scope: - version: -

Trust: 0.8

vendor:siemensmodel:scalance m-800 familyscope:ltversion:8.2

Trust: 0.6

vendor:siemensmodel:scalance s615 familyscope:ltversion:8.2

Trust: 0.6

vendor:siemensmodel:ruggedcom rm1224 familyscope:ltversion:8.2

Trust: 0.6

vendor:siemensmodel:scalance mum-800 familyscope:ltversion:8.2

Trust: 0.6

sources: CNVD: CNVD-2024-44936 // JVNDB: JVNDB-2024-012536 // NVD: CVE-2024-50561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-50561
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-50561
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-50561
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-44936
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-44936
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-50561
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-50561
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-50561
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-44936 // JVNDB: JVNDB-2024-012536 // NVD: CVE-2024-50561 // NVD: CVE-2024-50561

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012536 // NVD: CVE-2024-50561

PATCH

title:Patch for Cross-site scripting vulnerability in multiple Siemens products (CNVD-2024-44936)url:https://www.cnvd.org.cn/patchInfo/show/617341

Trust: 0.6

sources: CNVD: CNVD-2024-44936

EXTERNAL IDS

db:NVDid:CVE-2024-50561

Trust: 3.2

db:SIEMENSid:SSA-354112

Trust: 2.4

db:ICS CERTid:ICSA-24-319-06

Trust: 0.8

db:JVNid:JVNVU96191615

Trust: 0.8

db:JVNDBid:JVNDB-2024-012536

Trust: 0.8

db:CNVDid:CNVD-2024-44936

Trust: 0.6

sources: CNVD: CNVD-2024-44936 // JVNDB: JVNDB-2024-012536 // NVD: CVE-2024-50561

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu96191615/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-50561

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06

Trust: 0.8

sources: CNVD: CNVD-2024-44936 // JVNDB: JVNDB-2024-012536 // NVD: CVE-2024-50561

SOURCES

db:CNVDid:CNVD-2024-44936
db:JVNDBid:JVNDB-2024-012536
db:NVDid:CVE-2024-50561

LAST UPDATE DATE

2024-11-20T21:59:49.636000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-44936date:2024-11-14T00:00:00
db:JVNDBid:JVNDB-2024-012536date:2024-11-19T06:03:00
db:NVDid:CVE-2024-50561date:2024-11-13T19:57:56.313

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-44936date:2024-11-14T00:00:00
db:JVNDBid:JVNDB-2024-012536date:2024-11-14T00:00:00
db:NVDid:CVE-2024-50561date:2024-11-12T13:15:13.260