Siemens SCALANCE and RUGGEDCOM M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

  • CVSS v3 7.2
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: SCALANCE M-800/S615 Family
  • Vulnerabilities: Acceptance of Extraneous Untrusted Data With Trusted Data, OS Command Injection

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker with administrative privileges to execute arbitrary code on the affected device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens products are affected:

  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): All versions prior to V7.2.2
  • RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): All versions prior to V7.2.2
  • SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions prior to V7.2.2
  • SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): All versions prior to V7.2.2
  • SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): All versions prior to V7.2.2
  • SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): All versions prior to V7.2.2
  • SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): All versions prior to V7.2.2
  • SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to V7.2.2
  • SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions prior to V7.2.2
  • SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions prior to V7.2.2
  • SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2): All versions prior to V7.2.2
  • SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): All versions prior to V7.2.2
  • SCALANCE M876-4 (6GK5876-4AA10-2BA2): All versions prior to V7.2.2
  • SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): All versions p

    […]
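
The affected-products list above can be turned into an inventory check. The following is an added example, not part of the CISA or Siemens advisory: it flags devices whose order number appears in the list and whose firmware is older than V7.2.2. The CSV layout, host names and function names are assumptions made for illustration, and the order-number set covers only the entries whose version bound is fully visible on this page.

```python
import csv
import io
import re

# Order numbers copied from the list on this page. The list is cut off in this
# copy, so the set is incomplete; the last visible entry is left out because
# its version bound is truncated.
AFFECTED_ORDER_NUMBERS = {
    "6GK6108-4AM00-2BA2", "6GK6108-4AM00-2DA2", "6GK5804-0AP00-2AA2",
    "6GK5812-1AA00-2AA2", "6GK5812-1BA00-2AA2", "6GK5816-1AA00-2AA2",
    "6GK5816-1BA00-2AA2", "6GK5826-2AB00-2AB2", "6GK5874-2AA00-2AA2",
    "6GK5874-3AA00-2AA2", "6GK5876-3AA02-2BA2", "6GK5876-3AA02-2EA2",
    "6GK5876-4AA10-2BA2",
}
FIXED_VERSION = (7, 2, 2)  # "All versions prior to V7.2.2" are affected

def parse_version(text):
    """Turn 'V7.2.2', '7.2' or 'V07.02.01' into an int 3-tuple, else None."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text or "")
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())

def classify(order_number, firmware):
    """Return 'not-listed', 'review', 'affected' or 'fixed' for one device."""
    if (order_number or "").strip().upper() not in AFFECTED_ORDER_NUMBERS:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "review"  # listed model, unreadable version: check by hand
    # Tuple comparison, so V7.10 sorts after V7.2.2 (string comparison would not).
    return "affected" if version < FIXED_VERSION else "fixed"

def audit(inventory_csv):
    """Map each host in a 'host,order_number,firmware' CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv.strip()))
    return {r["host"]: classify(r["order_number"], r["firmware"]) for r in rows}

# Constructed sample inventory (hypothetical hosts; the last order number is a placeholder).
SAMPLE_INVENTORY = """
host,order_number,firmware
rtr-a,6GK5874-2AA00-2AA2,V7.2.2
rtr-b,6GK5816-1AA00-2AA2,V7.1
rtr-c,6gk6108-4am00-2ba2,V07.02.01
rtr-d,6GK5826-2AB00-2AB2,unknown
rtr-e,0XX0000-0XX00-0XX0,V6.0
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "review" result means the model is on the list but its firmware string could not be parsed, so the device should be checked manually rather than treated as fixed.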

    This article has been indexed from All CISA Advisories