CVE-2024-50561

Nov. 13, 2024, 7:57 p.m.

CVSS Score

6.1 / 10

Products Impacted

Vendor	Product	Versions
siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_eu ruggedcom_rm1224_lte\(4g\)_nam_firmware ruggedcom_rm1224_lte\(4g\)_nam scalance_m804pb_firmware scalance_m804pb scalance_m812-1_\(annex_a\)_firmware scalance_m812-1_\(annex_a\) scalance_m812-1_\(annex_b\)_firmware scalance_m812-1_\(annex_b\) scalance_m816-1_\(annex_a\)_firmware scalance_m816-1_\(annex_a\) scalance_m816-1_\(annex_b\)_firmware scalance_m816-1_\(annex_b\) scalance_m826-2_firmware scalance_m826-2 scalance_m874-2_firmware scalance_m874-2 scalance_m874-3_firmware scalance_m874-3 scalance_m874-3_\(cn\)_firmware scalance_m874-3_\(cn\) scalance_m876-3_firmware scalance_m876-3 scalance_m876-3_\(rok\)_firmware scalance_m876-3_\(rok\) scalance_m876-4_firmware scalance_m876-4 scalance_m876-4_\(eu\)_firmware scalance_m876-4_\(eu\) scalance_m876-4_\(nam\)_firmware scalance_m876-4_\(nam\) scalance_mum853-1_\(a1\)_firmware scalance_mum853-1_\(a1\) scalance_mum853-1_\(b1\)_firmware scalance_mum853-1_\(b1\) scalance_mum853-1_\(eu\)_firmware scalance_mum853-1_\(eu\) scalance_mum856-1_\(a1\)_firmware scalance_mum856-1_\(a1\) scalance_mum856-1_\(b1\)_firmware scalance_mum856-1_\(b1\) scalance_mum856-1_\(cn\)_firmware scalance_mum856-1_\(cn\) scalance_mum856-1_\(eu\)_firmware scalance_mum856-1_\(eu\) scalance_mum856-1_\(row\)_firmware scalance_mum856-1_\(row\) scalance_s615_eec_firmware scalance_s615_eec scalance_s615_firmware scalance_s615	* - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * - * -

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system.

Weaknesses

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE ID: 79

Date

Published: Nov. 12, 2024, 1:15 p.m.

Last Modified: Nov. 13, 2024, 7:57 p.m.

Status : Analyzed

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

productcert@siemens.com

CPEs

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware	/	/	/	/	/	/	/	/
h	siemens	ruggedcom_rm1224_lte\(4g\)_eu	-	/	/	/	/	/	/	/
o	siemens	ruggedcom_rm1224_lte\(4g\)_nam_firmware	/	/	/	/	/	/	/	/
h	siemens	ruggedcom_rm1224_lte\(4g\)_nam	-	/	/	/	/	/	/	/
o	siemens	scalance_m804pb_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m804pb	-	/	/	/	/	/	/	/
o	siemens	scalance_m812-1_\(annex_a\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m812-1_\(annex_a\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m812-1_\(annex_b\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m812-1_\(annex_b\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m816-1_\(annex_a\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m816-1_\(annex_a\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m816-1_\(annex_b\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m816-1_\(annex_b\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m826-2_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m826-2	-	/	/	/	/	/	/	/
o	siemens	scalance_m874-2_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m874-2	-	/	/	/	/	/	/	/
o	siemens	scalance_m874-3_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m874-3	-	/	/	/	/	/	/	/
o	siemens	scalance_m874-3_\(cn\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m874-3_\(cn\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-3_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-3	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-3_\(rok\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-3_\(rok\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-4_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-4	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-4_\(eu\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-4_\(eu\)	-	/	/	/	/	/	/	/
o	siemens	scalance_m876-4_\(nam\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_m876-4_\(nam\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum853-1_\(a1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum853-1_\(a1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum853-1_\(b1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum853-1_\(b1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum853-1_\(eu\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum853-1_\(eu\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(a1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(a1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(b1\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(b1\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(cn\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(cn\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(eu\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(eu\)	-	/	/	/	/	/	/	/
o	siemens	scalance_mum856-1_\(row\)_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_mum856-1_\(row\)	-	/	/	/	/	/	/	/
o	siemens	scalance_s615_eec_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_s615_eec	-	/	/	/	/	/	/	/
o	siemens	scalance_s615_firmware	/	/	/	/	/	/	/	/
h	siemens	scalance_s615	-	/	/	/	/	/	/	/

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

6.1

Exploitability Score

2.8

Impact Score

2.7

Base Severity

MEDIUM

CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

https://cert-portal.siemens.com/ productcert@siemens.com