ID

VAR-202411-0491


CVE

CVE-2024-50559


TITLE

Path traversal vulnerability in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-012502

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. 
This could allow an authenticated remote attacker to append arbitrary values, which will lead to compromise of the integrity of the system. A path traversal vulnerability exists in firmware and other aspects of several Siemens products (ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, scalance m804pb). Information may be tampered with. SCALANCE M-800, MUM-800 and S615 as well as RUGGEDCOM RM1224 are industrial routers.

Trust: 2.16

sources: NVD: CVE-2024-50559 // JVNDB: JVNDB-2024-012502 // CNVD: CNVD-2024-44938

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-44938

AFFECTED PRODUCTS

vendor: siemens // model: scalance mum856-1 \ // scope: lt // version: 8.2

Trust: 5.0

vendor: siemens // model: scalance mum853-1 \ // scope: lt // version: 8.2

Trust: 3.0

vendor: シーメンス // model: scalance m876-4 // scope: - // version: -

Trust: 2.4

vendor: シーメンス // model: scalance mum853-1 // scope: - // version: -

Trust: 2.4

vendor: siemens // model: scalance m812-1 \ // scope: lt // version: 8.2

Trust: 2.0

vendor: siemens // model: scalance m816-1 \ // scope: lt // version: 8.2

Trust: 2.0

vendor: siemens // model: scalance m876-4 \ // scope: lt // version: 8.2

Trust: 2.0

vendor: シーメンス // model: scalance m874-3 // scope: - // version: -

Trust: 1.6

vendor: シーメンス // model: scalance m812-1 // scope: - // version: -

Trust: 1.6

vendor: シーメンス // model: scalance m816-1 // scope: - // version: -

Trust: 1.6

vendor: シーメンス // model: scalance m876-3 // scope: - // version: -

Trust: 1.6

vendor: siemens // model: scalance m876-3 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m804pb // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance s615 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m876-3 \ // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m826-2 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: ruggedcom rm1224 lte\ nam // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance s615 eec // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m874-2 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m874-3 \ // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: ruggedcom rm1224 lte\ eu // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m874-3 // scope: lt // version: 8.2

Trust: 1.0

vendor: siemens // model: scalance m876-4 // scope: lt // version: 8.2

Trust: 1.0

vendor: シーメンス // model: scalance mum856-1 // scope: - // version: -

Trust: 0.8

vendor: シーメンス // model: scalance m874-2 // scope: - // version: -

Trust: 0.8

vendor: シーメンス // model: ruggedcom rm1224 lte nam // scope: - // version: -

Trust: 0.8

vendor: シーメンス // model: ruggedcom rm1224 lte eu // scope: - // version: -

Trust: 0.8

vendor: シーメンス // model: scalance m804pb // scope: - // version: -

Trust: 0.8

vendor: シーメンス // model: scalance m826-2 // scope: - // version: -

Trust: 0.8

vendor: siemens // model: scalance m-800 family // scope: lt // version: 8.2

Trust: 0.6

vendor: siemens // model: scalance s615 family // scope: lt // version: 8.2

Trust: 0.6

vendor: siemens // model: ruggedcom rm1224 family // scope: lt // version: 8.2

Trust: 0.6

vendor: siemens // model: scalance mum-800 family // scope: lt // version: 8.2

Trust: 0.6

sources: CNVD: CNVD-2024-44938 // JVNDB: JVNDB-2024-012502 // NVD: CVE-2024-50559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-50559
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-50559
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-50559
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-44938
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-44938
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-50559
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-50559
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-50559
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-44938 // JVNDB: JVNDB-2024-012502 // NVD: CVE-2024-50559 // NVD: CVE-2024-50559

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.0

problemtype: Path traversal (CWE-22) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012502 // NVD: CVE-2024-50559

PATCH

title: Patch for Path traversal vulnerabilities in multiple Siemens products // url: https://www.cnvd.org.cn/patchInfo/show/617351

Trust: 0.6

sources: CNVD: CNVD-2024-44938

EXTERNAL IDS

db: NVD // id: CVE-2024-50559

Trust: 3.2

db: SIEMENS // id: SSA-354112

Trust: 2.4

db: ICS CERT // id: ICSA-24-319-06

Trust: 0.8

db: JVN // id: JVNVU96191615

Trust: 0.8

db: JVNDB // id: JVNDB-2024-012502

Trust: 0.8

db: CNVD // id: CNVD-2024-44938

Trust: 0.6

Trust: 0.6

sources: CNVD: CNVD-2024-44938 // JVNDB: JVNDB-2024-012502 // NVD: CVE-2024-50559

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu96191615/index.html

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-50559

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-06

Trust: 0.8

sources: CNVD: CNVD-2024-44938 // JVNDB: JVNDB-2024-012502 // NVD: CVE-2024-50559

SOURCES

db: CNVD // id: CNVD-2024-44938
db: JVNDB // id: JVNDB-2024-012502
db: NVD // id: CVE-2024-50559

LAST UPDATE DATE

2024-11-19T21:11:24.577000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2024-44938 // date: 2024-11-14T00:00:00
db: JVNDB // id: JVNDB-2024-012502 // date: 2024-11-19T06:05:00
db: NVD // id: CVE-2024-50559 // date: 2024-11-13T19:56:31.780

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2024-44938 // date: 2024-11-14T00:00:00
db: JVNDB // id: JVNDB-2024-012502 // date: 2024-11-14T00:00:00
db: NVD // id: CVE-2024-50559 // date: 2024-11-12T13:15:12.653