Multiple vulnerabilities in Siemens SCALANCE W-700 IEEE 802.11ax devices
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2021-42379 CVE-2022-23395 CVE-2021-42386 CVE-2021-42385 CVE-2021-42384 CVE-2021-42383 CVE-2021-42382 CVE-2021-42381 CVE-2021-42380 CVE-2021-42378 CVE-2021-42377 CVE-2021-42376 CVE-2021-42375 CVE-2021-42374 CVE-2021-42373 CVE-2018-25032 CVE-2018-12886 |
| CWE-ID | CWE-416 CWE-79 CWE-763 CWE-476 CWE-20 CWE-125 CWE-119 CWE-209 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SCALANCE WUM766-1 (US) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WUM766-1 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WUM763-1 Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 EEC (US) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 EEC (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 (US) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM766-1 (EU) Hardware solutions / Routers & switches, VoIP, GSM, etc SCALANCE WAM763-1 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU58692
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42379
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "next_input_file" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
2) Cross-site scripting
EUVDB-ID: #VU73786
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-23395
CWE-ID:
Exploit availability:
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
3) Use-after-free
EUVDB-ID: #VU58678
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42386
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "nvalloc" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
4) Use-after-free
EUVDB-ID: #VU58683
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42385
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "evaluate" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
5) Use-after-free
EUVDB-ID: #VU58685
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42384
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "handle_special" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
6) Use-after-free
EUVDB-ID: #VU69654
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42383
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the awk applet. A remote privileged user can pass a specially crafted input to the application, trigger a use-after-free error and execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
7) Use-after-free
EUVDB-ID: #VU58684
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42382
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "getvar_s" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
8) Use-after-free
EUVDB-ID: #VU58673
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42381
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "hash_init" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
9) Use-after-free
EUVDB-ID: #VU58694
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42380
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "next_input_file" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
10) Use-after-free
EUVDB-ID: #VU58680
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42378
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the "getvar_i" function. A remote administrator can execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
11) Release of invalid pointer or reference
EUVDB-ID: #VU69653
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-42377
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker execute arbitrary code on the system.
The vulnerability exists due to improper input validation within the hush applet. A remote attacker can pass a specially crafted input to the application and potentially execute arbitrary shell commands.
Install update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
12) NULL pointer dereference
EUVDB-ID: #VU59877
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42376
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Busybox's hush applet when processing a crafted shell command with a \x03 delimiter character. A local user can pass specially crafted string to the affected applet and crash the application.
Install update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
13) Input validation error
EUVDB-ID: #VU69652
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-42375
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the ash applet. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
14) Out-of-bounds read
EUVDB-ID: #VU58670
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-42374
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in "unlzma". A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
15) NULL pointer dereference
EUVDB-ID: #VU69651
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-42373
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the man applet when a section name is supplied but no page argument is given. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
16) Buffer overflow
EUVDB-ID: #VU61671
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2018-25032
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
17) Information Exposure Through an Error Message
EUVDB-ID: #VU73785
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2018-12886
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSCALANCE WUM766-1 (US): before 2.0
SCALANCE WUM766-1 (EU): before 2.0
SCALANCE WUM763-1: before 2.0
SCALANCE WAM766-1 EEC (US): before 2.0
SCALANCE WAM766-1 EEC (EU): before 2.0
SCALANCE WAM766-1 (US): before 2.0
SCALANCE WAM766-1 (EU): before 2.0
SCALANCE WAM763-1: before 2.0
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-565386.txt
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
