CVE-2024-50560

Nov. 13, 2024, 7:57 p.m.

3.1
Low

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.

Product(s) Impacted

Vendor Product Versions
Siemens
  • Ruggedcom Rm1224 Lte\(4g\) Eu Firmware
  • Ruggedcom Rm1224 Lte\(4g\) Eu
  • Ruggedcom Rm1224 Lte\(4g\) Nam Firmware
  • Ruggedcom Rm1224 Lte\(4g\) Nam
  • Scalance M804pb Firmware
  • Scalance M804pb
  • Scalance M812-1 \(annex A\) Firmware
  • Scalance M812-1 \(annex A\)
  • Scalance M812-1 \(annex B\) Firmware
  • Scalance M812-1 \(annex B\)
  • Scalance M816-1 \(annex A\) Firmware
  • Scalance M816-1 \(annex A\)
  • Scalance M816-1 \(annex B\) Firmware
  • Scalance M816-1 \(annex B\)
  • Scalance M826-2 Firmware
  • Scalance M826-2
  • Scalance M874-2 Firmware
  • Scalance M874-2
  • Scalance M874-3 Firmware
  • Scalance M874-3
  • Scalance M874-3 \(cn\) Firmware
  • Scalance M874-3 \(cn\)
  • Scalance M876-3 Firmware
  • Scalance M876-3
  • Scalance M876-3 \(rok\) Firmware
  • Scalance M876-3 \(rok\)
  • Scalance M876-4 Firmware
  • Scalance M876-4
  • Scalance M876-4 \(eu\) Firmware
  • Scalance M876-4 \(eu\)
  • Scalance M876-4 \(nam\) Firmware
  • Scalance M876-4 \(nam\)
  • Scalance Mum853-1 \(a1\) Firmware
  • Scalance Mum853-1 \(a1\)
  • Scalance Mum853-1 \(b1\) Firmware
  • Scalance Mum853-1 \(b1\)
  • Scalance Mum853-1 \(eu\) Firmware
  • Scalance Mum853-1 \(eu\)
  • Scalance Mum856-1 \(a1\) Firmware
  • Scalance Mum856-1 \(a1\)
  • Scalance Mum856-1 \(b1\) Firmware
  • Scalance Mum856-1 \(b1\)
  • Scalance Mum856-1 \(cn\) Firmware
  • Scalance Mum856-1 \(cn\)
  • Scalance Mum856-1 \(eu\) Firmware
  • Scalance Mum856-1 \(eu\)
  • Scalance Mum856-1 \(row\) Firmware
  • Scalance Mum856-1 \(row\)
  • Scalance S615 Eec Firmware
  • Scalance S615 Eec
  • Scalance S615 Firmware
  • Scalance S615
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -
  • *
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o siemens ruggedcom_rm1224_lte\(4g\)_eu_firmware / / / / / / / /
h siemens ruggedcom_rm1224_lte\(4g\)_eu - / / / / / / /
o siemens ruggedcom_rm1224_lte\(4g\)_nam_firmware / / / / / / / /
h siemens ruggedcom_rm1224_lte\(4g\)_nam - / / / / / / /
o siemens scalance_m804pb_firmware / / / / / / / /
h siemens scalance_m804pb - / / / / / / /
o siemens scalance_m812-1_\(annex_a\)_firmware / / / / / / / /
h siemens scalance_m812-1_\(annex_a\) - / / / / / / /
o siemens scalance_m812-1_\(annex_b\)_firmware / / / / / / / /
h siemens scalance_m812-1_\(annex_b\) - / / / / / / /
o siemens scalance_m816-1_\(annex_a\)_firmware / / / / / / / /
h siemens scalance_m816-1_\(annex_a\) - / / / / / / /
o siemens scalance_m816-1_\(annex_b\)_firmware / / / / / / / /
h siemens scalance_m816-1_\(annex_b\) - / / / / / / /
o siemens scalance_m826-2_firmware / / / / / / / /
h siemens scalance_m826-2 - / / / / / / /
o siemens scalance_m874-2_firmware / / / / / / / /
h siemens scalance_m874-2 - / / / / / / /
o siemens scalance_m874-3_firmware / / / / / / / /
h siemens scalance_m874-3 - / / / / / / /
o siemens scalance_m874-3_\(cn\)_firmware / / / / / / / /
h siemens scalance_m874-3_\(cn\) - / / / / / / /
o siemens scalance_m876-3_firmware / / / / / / / /
h siemens scalance_m876-3 - / / / / / / /
o siemens scalance_m876-3_\(rok\)_firmware / / / / / / / /
h siemens scalance_m876-3_\(rok\) - / / / / / / /
o siemens scalance_m876-4_firmware / / / / / / / /
h siemens scalance_m876-4 - / / / / / / /
o siemens scalance_m876-4_\(eu\)_firmware / / / / / / / /
h siemens scalance_m876-4_\(eu\) - / / / / / / /
o siemens scalance_m876-4_\(nam\)_firmware / / / / / / / /
h siemens scalance_m876-4_\(nam\) - / / / / / / /
o siemens scalance_mum853-1_\(a1\)_firmware / / / / / / / /
h siemens scalance_mum853-1_\(a1\) - / / / / / / /
o siemens scalance_mum853-1_\(b1\)_firmware / / / / / / / /
h siemens scalance_mum853-1_\(b1\) - / / / / / / /
o siemens scalance_mum853-1_\(eu\)_firmware / / / / / / / /
h siemens scalance_mum853-1_\(eu\) - / / / / / / /
o siemens scalance_mum856-1_\(a1\)_firmware / / / / / / / /
h siemens scalance_mum856-1_\(a1\) - / / / / / / /
o siemens scalance_mum856-1_\(b1\)_firmware / / / / / / / /
h siemens scalance_mum856-1_\(b1\) - / / / / / / /
o siemens scalance_mum856-1_\(cn\)_firmware / / / / / / / /
h siemens scalance_mum856-1_\(cn\) - / / / / / / /
o siemens scalance_mum856-1_\(eu\)_firmware / / / / / / / /
h siemens scalance_mum856-1_\(eu\) - / / / / / / /
o siemens scalance_mum856-1_\(row\)_firmware / / / / / / / /
h siemens scalance_mum856-1_\(row\) - / / / / / / /
o siemens scalance_s615_eec_firmware / / / / / / / /
h siemens scalance_s615_eec - / / / / / / /
o siemens scalance_s615_firmware / / / / / / / /
h siemens scalance_s615 - / / / / / / /

References

https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Tags

CWE-20
productcert@siemens.com
NVD-CWE-noinfo
2024-11-12
CVE-2024-50560

CVSS Score

3.1 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

    View Vector String

Timeline

Published: Nov. 12, 2024, 1:15 p.m.
Last Modified: Nov. 13, 2024, 7:57 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

productcert@siemens.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.