Multiple vulnerabilities in Siemens RUGGEDCOM and SCALANCE Products



Published: 2023-03-17 | Updated: 2024-03-20
Risk: High
Patch available: YES
Number of vulnerabilities: 68
CVE-ID: CVE-2022-2639
CVE-2022-23040
CVE-2022-23039
CVE-2022-23038
CVE-2022-23037
CVE-2022-23036
CVE-2022-2588
CVE-2022-23042
CVE-2022-2380
CVE-2022-1975
CVE-2022-1974
CVE-2022-1734
CVE-2022-1729
CVE-2022-1652
CVE-2022-23041
CVE-2022-23308
CVE-2022-1473
CVE-2022-32208
CVE-2022-36946
CVE-2022-36879
CVE-2022-35252
CVE-2022-33981
CVE-2022-32981
CVE-2022-32296
CVE-2022-32207
CVE-2022-26490
CVE-2022-32206
CVE-2022-32205
CVE-2022-30594
CVE-2022-30065
CVE-2022-28390
CVE-2022-28356
CVE-2022-1516
CVE-2022-1353
CVE-2021-26401
CVE-2021-42377
CVE-2021-42376
CVE-2021-42375
CVE-2021-42374
CVE-2021-42373
CVE-2017-5715
CVE-2021-4149
CVE-2021-42379
CVE-2021-4034
CVE-2019-1073
CVE-2019-1071
CVE-2019-1125
CVE-2018-25032
CVE-2021-42378
CVE-2021-42380
CVE-2022-1343
CVE-2022-0547
CVE-2022-1304
CVE-2022-1292
CVE-2022-1199
CVE-2022-1198
CVE-2022-1016
CVE-2022-1011
CVE-2022-0494
CVE-2021-42381
CVE-2022-0002
CVE-2022-0001
CVE-2021-42386
CVE-2021-42385
CVE-2021-42384
CVE-2021-42383
CVE-2021-42382
CVE-2022-20158
CWE-ID: CWE-191
CWE-362
CWE-415
CWE-617
CWE-125
CWE-248
CWE-416
CWE-789
CWE-347
CWE-20
CWE-399
CWE-119
CWE-330
CWE-276
CWE-400
CWE-401
CWE-476
CWE-200
CWE-763
CWE-667
CWE-254
CWE-287
CWE-787
CWE-78
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerability #7 is being exploited in the wild.
Public exploit code for vulnerability #19 is available.
Public exploit code for vulnerability #41 is available.
Vulnerability #44 is being exploited in the wild.
Public exploit code for vulnerability #47 is available.
Public exploit code for vulnerability #54 is available.
Public exploit code for vulnerability #58 is available.
Vulnerable software
SCALANCE S615 EEC
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM856-1 (RoW)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM856-1 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE MUM853-1 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4 (NAM)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4 (EU)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-4
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-3 (ROK)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M876-3 (EVDO)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M874-3
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M874-2
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M826-2 SHDSL-Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M816-1 ADSL-Router (Annex B)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M816-1 ADSL-Router (Annex A)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M812-1 ADSL-Router (Annex B)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M812-1 ADSL-Router (Annex A)
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE M804PB
Hardware solutions / Routers & switches, VoIP, GSM, etc

RUGGEDCOM RM1224 LTE(4G) NAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

RUGGEDCOM RM1224 LTE(4G) EU
Hardware solutions / Routers & switches, VoIP, GSM, etc

SCALANCE S615
Hardware solutions / Firmware

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 68 vulnerabilities.

1) Integer underflow

EUVDB-ID: #VU66812

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-2639

CWE-ID: CWE-191 - Integer underflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer underflow within the reserve_sfa_size() function in the openvswitch kernel module in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the system or escalate privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Race condition

EUVDB-ID: #VU63309

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23040

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the xenbus ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU63308

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23039

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the gntalloc ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Race condition

EUVDB-ID: #VU63307

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23038

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the scsifront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU63306

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23037

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU63305

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23036

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in the blkfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Double Free

EUVDB-ID: #VU66397

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-2588

CWE-ID: CWE-415 - Double Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free error within the network packet scheduler implementation in the route4_change() function in the Linux kernel when removing all references to a route filter before freeing it. A local user can run a specially crafted program to crash the kernel or execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

8) Reachable Assertion

EUVDB-ID: #VU63311

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23042

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a reachable assertion in the netfront ring buffer. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU65288

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2380

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Linux kernel framebuffer within the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. A local user can trigger an out-of-bounds read error and crash the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Uncaught Exception

EUVDB-ID: #VU64264

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1975

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a remote attacker on the local network to perform a denial of service (DoS) attack.

The vulnerability exists due to an uncaught exception error in the Linux kernel. A remote attacker on the local network can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU64263

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1974

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel's NFC core functionality, caused by a race condition between kobject creation and deletion. A local attacker with CAP_NET_ADMIN privilege can leak kernel information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU64082

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1734

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the Marvell NFC device driver implementation in the Linux kernel does not properly perform memory cleanup operations in some situations. A local user can trigger a use-after-free to escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Race condition

EUVDB-ID: #VU64156

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1729

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within sys_perf_event_open() in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU64434

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1652

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the bad_flp_intr() function. A local user can execute a specially crafted program to cause a denial of service condition on the system or escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Race condition

EUVDB-ID: #VU63310

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23041

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a race condition in blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls ring buffers. A malicious backend can exploit the race condition and read or write data or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU60922

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23308

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing ID and IDREF attributes in valid.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Uncontrolled Memory Allocation

EUVDB-ID: #VU62768

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1473

CWE-ID: CWE-789 - Uncontrolled Memory Allocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because memory reuse is not possible in the OPENSSL_LH_flush() function, which empties a hash table when decoding certificates or keys. If a long-lived process periodically decodes certificates or keys, its memory usage will expand without bounds and the process might be terminated by the operating system, causing a denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform a MitM attack and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU66476

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-36946

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) Resource management error

EUVDB-ID: #VU66550

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36879

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the xfrm_expand_policies() function in net/xfrm/xfrm_policy.c. A local user can cause the refcount to be dropped twice and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU66881

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-35252

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU64944

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-33981

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in drivers/block/floppy.c in the Linux kernel when deallocating raw_cmd in the raw_cmd_ioctl() function. A local user can trigger a use-after-free and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU65005

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32981

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in ptrace PEEKUSER and POKEUSER when accessing floating point registers on powerpc 32-bit platforms. A local user can trigger a buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use of insufficiently random values

EUVDB-ID: #VU64943

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32296

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the Linux kernel allowing TCP servers to identify clients by observing what source ports are used. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Incorrect default permissions

EUVDB-ID: #VU64684

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32207

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions set on cookies, alt-svc and hsts data stored in local files. A local user with the ability to read such files can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU62601

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26490

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in the Linux kernel. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Resource exhaustion

EUVDB-ID: #VU64681

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32205

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because curl does not impose limits on the size of cookies stored in the system. A malicious server can serve excessive amounts of Set-Cookie: headers in an HTTP response to curl and consume all available disk space.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Incorrect default permissions

EUVDB-ID: #VU63631

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30594

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to mishandling of seccomp permissions. A local user can bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU66182

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30065

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing a crafted awk pattern in the copyvar function. A remote attacker can execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Double Free

EUVDB-ID: #VU63164

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28390

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a boundary error in the ems_usb_start_xmit function in drivers/net/can/usb/ems_usb.c. A local user can pass specially crafted data to the application, trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU63390

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28356

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to a memory leak in the net/llc/af_llc.c component. A remote attacker can force the system to leak memory and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU63158

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1516

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s X.25 set of standardized network protocols functionality. A local user can terminate a session using a simulated Ethernet card and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Information disclosure

EUVDB-ID: #VU63388

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1353

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Information disclosure

EUVDB-ID: #VU61566

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26401

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Release of invalid pointer or reference

EUVDB-ID: #VU69653

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42377

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to improper input validation within the hush applet. A remote attacker can pass a specially crafted input to the application and potentially execute arbitrary shell commands.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL pointer dereference

EUVDB-ID: #VU59877

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42376

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in BusyBox's hush applet when processing a crafted shell command with a \x03 delimiter character. A local user can pass a specially crafted string to the affected applet and crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU69652

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42375

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the ash applet. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds read

EUVDB-ID: #VU58670

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42374

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in "unlzma". A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU69651

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42373

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the man applet when a section name is supplied but no page argument is given. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

42) Improper locking

EUVDB-ID: #VU64071

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4149

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.

The vulnerability exists in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. A local user can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU58692

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42379

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "next_input_file" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU60007

Risk: Medium

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-4034

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the calling parameters count in the pkexec setuid binary, which causes the binary to execute environment variables as commands. A local user can craft environment variables in a way that they will be processed and executed by pkexec and execute arbitrary commands on the system as root.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

45) Out-of-bounds read

EUVDB-ID: #VU19108

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1073

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU19107

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1071

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Windows kernel. A local user can use a specially crafted application to trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Information disclosure

EUVDB-ID: #VU19946

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-1125

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information and elevate privileges on the system.

The vulnerability exists when certain central processing units (CPU) speculatively access memory. A local user can gain unauthorized access to sensitive information and elevate privileges on the system.

This issue is a variant of the Spectre Variant 1 speculative execution side channel vulnerability that leverages SWAPGS instructions to bypass KPTI/KVA mitigations.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

48) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU58680

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42378

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "getvar_i" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU58694

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42380

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "next_input_file" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Security features bypass

EUVDB-ID: #VU62766

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1343

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to an error when validating the OCSP response within the OCSP_basic_verify function. When the (non-default) flag OCSP_NOCHECKS is used, the response will be positive (meaning a successful verification) even when the response signing certificate fails to verify. A remote attacker can perform a MitM attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper Authentication

EUVDB-ID: #VU61608

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0547

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests in external authentication plug-ins when more than one of them makes use of deferred authentication replies. A remote attacker can bypass the authentication process and gain unauthorized access to the network with only partially correct credentials.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds write

EUVDB-ID: #VU64075

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1304

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem to trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.


Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

55) NULL pointer dereference

EUVDB-ID: #VU63432

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1199

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference and use-after-free errors in the ax25_release() function. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU63431

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1198

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a use-after-free error in drivers/net/hamradio/6pack.c. A local user can perform a denial of service (DoS) attack by simulating Amateur Radio.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU62028

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1016

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU63386

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1011

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the write() function of the FUSE filesystem. A local user can retrieve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

59) Information disclosure

EUVDB-ID: #VU64259

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0494

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU58673

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42381

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "hash_init" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Information disclosure

EUVDB-ID: #VU61199

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0002

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Use-after-free

EUVDB-ID: #VU58678

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42386

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "nvalloc" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU58683

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42385

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "evaluate" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use-after-free

EUVDB-ID: #VU58685

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42384

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "handle_special" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU69654

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42383

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the awk applet. A remote privileged user can pass a specially crafted input to the application, trigger a use-after-free error and execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU58684

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42382

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the "getvar_s" function. A remote administrator can execute arbitrary code on the target system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU73781

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20158

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in bdi_put and bdi_unregister of backing-dev.c. A local administrator can gain elevated privileges on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SCALANCE S615 EEC: before 7.2

SCALANCE S615: before 7.2

SCALANCE MUM856-1 (RoW): before 7.2

SCALANCE MUM856-1 (EU): before 7.2

SCALANCE MUM853-1 (EU): before 7.2

SCALANCE M876-4 (NAM): before 7.2

SCALANCE M876-4 (EU): before 7.2

SCALANCE M876-4: before 7.2

SCALANCE M876-3 (ROK): before 7.2

SCALANCE M876-3 (EVDO): before 7.2

SCALANCE M874-3: before 7.2

SCALANCE M874-2: before 7.2

SCALANCE M826-2 SHDSL-Router: before 7.2

SCALANCE M816-1 ADSL-Router (Annex B): before 7.2

SCALANCE M816-1 ADSL-Router (Annex A): before 7.2

SCALANCE M812-1 ADSL-Router (Annex B): before 7.2

SCALANCE M812-1 ADSL-Router (Annex A): before 7.2

SCALANCE M804PB: before 7.2

RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2

RUGGEDCOM RM1224 LTE(4G) EU: before 7.2

External links

http://cert-portal.siemens.com/productcert/txt/ssa-419740.txt


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


