CVE-2024-50560

Nov. 13, 2024, 7:57 p.m.

CVSS Score

4.3 / 10

Products Impacted

Vendor	Product	Versions
siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_eu ruggedcom_rm1224_lte\(4g\)_nam_firmware ruggedcom_rm1224_lte\(4g\)_nam scalance_m804pb_firmware scalance_m804pb scalance_m812-1_\(annex_a\)_firmware scalance_m812-1_\(annex_a\) scalance_m812-1_\(annex_b\)_firmware scalance_m812-1_\(annex_b\) scalance_m816-1_\(annex_a\)_firmware scalance_m816-1_\(annex_a\) scalance_m816-1_\(annex_b\)_firmware scalance_m816-1_\(annex_b\) scalance_m826-2_firmware scalance_m826-2 scalance_m874-2_firmware scalance_m874-2 scalance_m874-3_firmware scalance_m874-3 scalance_m874-3_\(cn\)_firmware scalance_m874-3_\(cn\) scalance_m876-3_firmware scalance_m876-3 scalance_m876-3_\(rok\)_firmware scalance_m876-3_\(rok\) scalance_m876-4_firmware scalance_m876-4 scalance_m876-4_\(eu\)_firmware scalance_m876-4_\(eu\) scalance_m876-4_\(nam\)_firmware scalance_m876-4_\(nam\) scalance_mum853-1_\(a1\)_firmware scalance_mum853-1_\(a1\) scalance_mum853-1_\(b1\)_firmware scalance_mum853-1_\(b1\) scalance_mum853-1_\(eu\)_firmware scalance_mum853-1_\(eu\) scalance_mum856-1_\(a1\)_firmware scalance_mum856-1_\(a1\) scalance_mum856-1_\(b1\)_firmware scalance_mum856-1_\(b1\) scalance_mum856-1_\(cn\)_firmware scalance_mum856-1_\(cn\) scalance_mum856-1_\(eu\)_firmware scalance_mum856-1_\(eu\) scalance_mum856-1_\(row\)_firmware scalance_mum856-1_\(row\) scalance_s615_eec_firmware scalance_s615_eec scalance_s615_firmware scalance_s615	* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.

Weaknesses

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE ID: 20

Date

Published: Nov. 12, 2024, 1:15 p.m.

Last Modified: Nov. 13, 2024, 7:57 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

productcert@siemens.com

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware	/	/	/	/	/	/	/	/
h	siemens	ruggedcom_rm1224_lte\(4g\)_eu	-	/	/	/	/	/	/	/
o	siemens	ruggedcom_rm1224_lte\(4g\)_nam_firmware	/	/	/	/	/	/	/	/
h	siemens	ruggedcom_rm1224_lte\(4g\)_nam	-	/	/	/	/	/	/	/
o	siemens	scalance_m804pb_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m804pb	-	/	/	/	/	/	/	/
o	siemens	scalance_m812-1_\(annex_a\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m812-1_\(annex_a\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m812-1_\(annex_b\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m812-1_\(annex_b\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m816-1_\(annex_a\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m816-1_\(annex_a\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m816-1_\(annex_b\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m816-1_\(annex_b\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m826-2_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m826-2	-	/	/	/	/	/	/	/
o	siemens	scalance_m874-2_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m874-2	-	/	/	/	/	/	/	/
o	siemens	scalance_m874-3_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m874-3	-	/	/	/	/	/	/	/
o	siemens	scalance_m874-3_\(cn\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m874-3_\(cn\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-3_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-3	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-3_\(rok\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-3_\(rok\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-4_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-4	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-4_\(eu\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-4_\(eu\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-4_\(nam\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-4_\(nam\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum853-1_\(a1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum853-1_\(a1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum853-1_\(b1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum853-1_\(b1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum853-1_\(eu\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum853-1_\(eu\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(a1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(a1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(b1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(b1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(cn\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(cn\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(eu\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(eu\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(row\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(row\)	-	/	/	/	/	/	/	/
o	siemens	scalance_s615_eec_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_s615_eec	-	/	/	/	/	/	/	/
o	siemens	scalance_s615_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_s615	-	/	/	/	/	/	/	/

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.3

Exploitability Score

2.8

Impact Score

1.4

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

https://cert-portal.siemens.com/ productcert@siemens.com