Description
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: High
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): High
- Integrity (Subsequent System): High
- Availability (Subsequent System): High
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
- E: Physical
- RL: O
- RC: Changed
Affected products
- Siemens / RUGGEDCOM RM1224 LTE(4G) EU: 0 – V8.0
- Siemens / RUGGEDCOM RM1224 LTE(4G) NAM: 0 – V8.0
- Siemens / SCALANCE M804PB: 0 – V8.0
- Siemens / SCALANCE M812-1 ADSL-Router: 0 – V8.0
- Siemens / SCALANCE M816-1 ADSL-Router: 0 – V8.0
- Siemens / SCALANCE M826-2 SHDSL-Router: 0 – V8.0
- Siemens / SCALANCE M874-2: 0 – V8.0
- Siemens / SCALANCE M874-3: 0 – V8.0
- Siemens / SCALANCE M876-3: 0 – V8.0
- Siemens / SCALANCE M876-3 (ROK): 0 – V8.0
- Siemens / SCALANCE M876-4: 0 – V8.0
- Siemens / SCALANCE M876-4 (EU): 0 – V8.0
- Siemens / SCALANCE M876-4 (NAM): 0 – V8.0
- Siemens / SCALANCE MUM853-1 (EU): 0 – V8.0
- Siemens / SCALANCE MUM856-1 (EU): 0 – V8.0
- Siemens / SCALANCE MUM856-1 (RoW): 0 – V8.0
- Siemens / SCALANCE S615 EEC LAN-Router: 0 – V8.0
- Siemens / SCALANCE S615 LAN-Router: 0 – V8.0
- Siemens / SCALANCE W721-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W722-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W734-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W734-1 RJ45 (USA): 0 – V6.6.0
- Siemens / SCALANCE W738-1 M12: 0 – V6.6.0
- Siemens / SCALANCE W748-1 M12: 0 – V6.6.0
- Siemens / SCALANCE W748-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W761-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W774-1 M12 EEC: 0 – V6.6.0
- Siemens / SCALANCE W774-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W774-1 RJ45 (USA): 0 – V6.6.0
- Siemens / SCALANCE W778-1 M12: 0 – V6.6.0
- Siemens / SCALANCE W778-1 M12 EEC: 0 – V6.6.0
- Siemens / SCALANCE W778-1 M12 EEC (USA): 0 – V6.6.0
- Siemens / SCALANCE W786-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W786-2IA RJ45: 0 – V6.6.0
- Siemens / SCALANCE W786-2 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W786-2 SFP: 0 – V6.6.0
- Siemens / SCALANCE W788-1 M12: 0 – V6.6.0
- Siemens / SCALANCE W788-1 RJ45: 0 – V6.6.0
- Siemens / SCALANCE W788-2 M12: 0 – V6.6.0
- Siemens / SCALANCE W788-2 M12 EEC: 0 – V6.6.0
- Siemens / SCALANCE W788-2 RJ45: 0 – V6.6.0
- Siemens / SCALANCE WAB762-1: 0 – V2.4.0
- Siemens / SCALANCE WAM763-1: 0 – V2.4.0
- Siemens / SCALANCE WAM763-1 (ME): 0 – V2.4.0
- Siemens / SCALANCE WAM763-1 (US): 0 – V2.4.0
- Siemens / SCALANCE WAM766-1: 0 – V2.4.0
- Siemens / SCALANCE WAM766-1 EEC: 0 – V2.4.0
- Siemens / SCALANCE WAM766-1 EEC (ME): 0 – V2.4.0
- Siemens / SCALANCE WAM766-1 EEC (US): 0 – V2.4.0
- Siemens / SCALANCE WAM766-1 (ME): 0 – V2.4.0
- Siemens / SCALANCE WAM766-1 (US): 0 – V2.4.0
- Siemens / SCALANCE WUB762-1: 0 – V2.4.0
- Siemens / SCALANCE WUB762-1 iFeatures: 0 – V2.4.0
- Siemens / SCALANCE WUM763-1: 0 – V2.4.0
- Siemens / SCALANCE WUM763-1 (US): 0 – V2.4.0
- Siemens / SCALANCE WUM766-1: 0 – V2.4.0
- Siemens / SCALANCE WUM766-1 (ME): 0 – V2.4.0
- Siemens / SCALANCE WUM766-1 (USA): 0 – V2.4.0
References
- MISC: https://cert-portal.siemens.com/productcert/pdf/ssa-699386.pdf
- MISC: https://cert-portal.siemens.com/productcert/pdf/ssa-180704.pdf
- MISC: https://cert-portal.siemens.com/productcert/html/ssa-699386.html
- MISC: https://cert-portal.siemens.com/productcert/html/ssa-180704.html
- MISC: https://cert-portal.siemens.com/productcert/html/ssa-602936.html
- MISC: https://cert-portal.siemens.com/productcert/html/ssa-690517.html
- MISC: https://cert-portal.siemens.com/productcert/html/ssa-721642.html
- MISC: https://cert-portal.siemens.com/productcert/html/ssa-019200.html