Siemens SCALANCE M-800, RUGGEDCOM RM1224

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 

1. EXECUTIVE SUMMARY

  • CVSS v4 8.6
  • ATTENTION: Exploitable remotely/low attack complexity
  • Vendor: Siemens
  • Equipment: RUGGEDCOM RM1224, SCALANCE M-800 Family
  • Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation, Exposure of Data Element to Wrong Session, Insertion of Sensitive Information into Log File

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary code, escalate privilege, forge 2FA tokens of other users, or cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens products are affected:

  • Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): Versions prior to V8.1
  • Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): Versions prior to V8.1
  • Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2): Versions prior to V8.1
  • Siemens SCALANCE M812-1 ADSL-Router family: Versions prior to V8.1
  • Siemens SCALANCE M816-1 ADSL-Router family: Versions prior to V8.1
  • Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): Versions prior to V8.1
  • Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2): Versions prior to V8.1
  • Siemens SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2): Versions prior to V8.1
  • Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2): Versions prior to V8.1
  • Siemens SCALANCE M876-3 (6GK5876-3AA02-2BA2): Versions prior to V8.1
  • Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): Vers

    […]
    This article has been indexed from All CISA Advisories