Multiple vulnerabilities in Siemens RUGGEDCOM APE1808 Product Family
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 23 |
| CVE-ID | CVE-2022-32475 CVE-2023-31041 CVE-2023-27373 CVE-2023-24932 CVE-2022-36338 CVE-2022-35896 CVE-2022-35895 CVE-2022-35894 CVE-2022-35893 CVE-2022-32954 CVE-2022-32953 CVE-2022-32477 CVE-2022-32471 CVE-2022-32470 CVE-2022-32469 CVE-2022-30772 CVE-2022-30283 CVE-2022-29275 CVE-2022-27405 CVE-2022-24350 CVE-2021-38578 CVE-2017-5715 CVE-2022-24351 |
| CWE-ID | CWE-367 CWE-312 CWE-20 CWE-254 CWE-94 CWE-401 CWE-787 CWE-119 CWE-125 CWE-200 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #4 is being exploited in the wild. Public exploit code for vulnerability #22 is available. |
| Vulnerable software Subscribe |
RUGGEDCOM APE1808W10 CC Hardware solutions / Firmware RUGGEDCOM APE1808W10 Hardware solutions / Firmware RUGGEDCOM APE1808LNX CC Hardware solutions / Firmware RUGGEDCOM APE1808LNX Hardware solutions / Firmware RUGGEDCOM APE1808CLA-S5 CC Hardware solutions / Firmware RUGGEDCOM APE1808CLA-S5 Hardware solutions / Firmware RUGGEDCOM APE1808CLA-S3 CC Hardware solutions / Firmware RUGGEDCOM APE1808CLA-S3 Hardware solutions / Firmware RUGGEDCOM APE1808CLA-S1 CC Hardware solutions / Firmware RUGGEDCOM APE1808CLA-S1 Hardware solutions / Firmware RUGGEDCOM APE1808CLA-P CC Hardware solutions / Firmware RUGGEDCOM APE1808CLA-P Hardware solutions / Firmware RUGGEDCOM APE1808 SAM-L CC Hardware solutions / Firmware RUGGEDCOM APE1808 SAM-L Hardware solutions / Firmware RUGGEDCOM APE1808 ELAN CC Hardware solutions / Firmware RUGGEDCOM APE1808 ELAN Hardware solutions / Firmware RUGGEDCOM APE1808 CLOUDCONNECT CC Hardware solutions / Firmware RUGGEDCOM APE1808 CLOUDCONNECT Hardware solutions / Firmware RUGGEDCOM APE1808 CKP CC Hardware solutions / Firmware RUGGEDCOM APE1808 CKP Hardware solutions / Firmware RUGGEDCOM APE1808 ADM CC Hardware solutions / Firmware RUGGEDCOM APE1808 ADM Hardware solutions / Firmware |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 23 vulnerabilities.
1) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80861
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32475
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in InsydeH2O. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Cleartext storage of sensitive information
EUVDB-ID: #VU79587
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-31041
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due cleartext storage of system password. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Input validation error
EUVDB-ID: #VU80876
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-27373
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can tamper with a runtime-accessible EFI variable and cause a dynamic BAR setting to overlap SMRAM.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Security features bypass
EUVDB-ID: #VU75901
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-24932
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper implementation of the Secure Boot feature. An attacker with physical access to the system or a local user with Administrative rights can bypass Secure Boot.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) Code Injection
EUVDB-ID: #VU80875
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-36338
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the FwBlockServiceSmm driver of InsydeH2O. A local administrator can send a specially crafted request and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) Memory leak
EUVDB-ID: #VU80873
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-35896
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in SMM driver (SMRAM read) in InsydeH2O. A local administrator can force the application to leak memory and gain access to sensitive information on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Out-of-bounds write
EUVDB-ID: #VU80872
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-35895
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in SMM driver (SMRAM write) in InsydeH2O. A local administrator can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) Memory leak
EUVDB-ID: #VU80871
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-35894
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in SMM driver (SMRAM read) in InsydeH2O. A local administrator can force the application to leak memory and gain access to sensitive information on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Buffer overflow
EUVDB-ID: #VU80868
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-35893
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in InsydeH2O in the FvbServicesRuntimeDxe driver. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80866
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32954
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in InsydeH2O in the SdMmcDevice. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80864
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32953
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in InsydeH2O. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80862
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32477
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in InsydeH2O. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80860
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32471
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in IhisiSmm in InsydeH2O. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
14) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80857
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32470
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in the InsydeH2O. A local administrator can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
15) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80859
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32469
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in InsydeH2O. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
16) Out-of-bounds write
EUVDB-ID: #VU80858
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-30772
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in PnpSmm function 0x52. A local administrator can trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
17) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80854
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-30283
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition in UsbCoreDxe. A local administrator can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
18) Buffer overflow
EUVDB-ID: #VU80853
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-29275
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local administrator can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
19) Out-of-bounds read
EUVDB-ID: #VU65637
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-27405
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the "FNT_Size_Request" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
20) Buffer overflow
EUVDB-ID: #VU75028
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-24350
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Insyde BIOS code. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
21) Out-of-bounds write
EUVDB-ID: #VU75395
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-38578
CWE-ID:
Exploit availability:
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in MdeModulePkg/Core/PiSmmCore/PiSmmCore.c. A local user trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
22) Information disclosure
EUVDB-ID: #VU9883
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2017-5715
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
23) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU80878
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-24351
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition. A local attacker can alter data and code used by the remainder of the boot process.
MitigationInstall update from vendor's website.
Vulnerable software versionsRUGGEDCOM APE1808W10 CC: before 1.0.212N
RUGGEDCOM APE1808W10: before 1.0.212N
RUGGEDCOM APE1808LNX CC: before 1.0.212N
RUGGEDCOM APE1808LNX: before 1.0.212N
RUGGEDCOM APE1808CLA-S5 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S5: before 1.0.212N
RUGGEDCOM APE1808CLA-S3 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S3: before 1.0.212N
RUGGEDCOM APE1808CLA-S1 CC: before 1.0.212N
RUGGEDCOM APE1808CLA-S1: before 1.0.212N
RUGGEDCOM APE1808CLA-P CC: before 1.0.212N
RUGGEDCOM APE1808CLA-P: before 1.0.212N
RUGGEDCOM APE1808 SAM-L CC: before 1.0.212N
RUGGEDCOM APE1808 SAM-L: before 1.0.212N
RUGGEDCOM APE1808 ELAN CC: before 1.0.212N
RUGGEDCOM APE1808 ELAN: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC: before 1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT: before 1.0.212N
RUGGEDCOM APE1808 CKP CC: before 1.0.212N
RUGGEDCOM APE1808 CKP: before 1.0.212N
RUGGEDCOM APE1808 ADM CC: before 1.0.212N
RUGGEDCOM APE1808 ADM: before 1.0.212N
Fixed software versionsCPE2.3 External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
