#VU65357 Code Injection in Siemens products - CVE-2022-34663

 


Published: July 15, 2022


Vulnerability identifier: #VU65357
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-34663
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RUGGEDCOM ROS i800
RUGGEDCOM ROS i801
RUGGEDCOM ROS i802
RUGGEDCOM ROS i803
RUGGEDCOM ROS M969
RUGGEDCOM ROS M2100
RUGGEDCOM ROS M2200
RUGGEDCOM ROS RMC
RUGGEDCOM ROS RMC20
RUGGEDCOM ROS RMC30
RUGGEDCOM ROS RMC40
RUGGEDCOM ROS RMC41
RUGGEDCOM ROS RP110
RUGGEDCOM ROS RS400
RUGGEDCOM ROS RS401
RUGGEDCOM ROS RS416
RUGGEDCOM ROS RS900G
RUGGEDCOM ROS RS900GP
RUGGEDCOM ROS RS900L
RUGGEDCOM ROS RS900W
RUGGEDCOM ROS RS910
RUGGEDCOM ROS RS910L
RUGGEDCOM ROS RS910W
RUGGEDCOM ROS RS920L
RUGGEDCOM ROS RS920W
RUGGEDCOM ROS RS930L
RUGGEDCOM ROS RS930W
RUGGEDCOM ROS RS940G
RUGGEDCOM ROS RS969
RUGGEDCOM ROS RS8000
RUGGEDCOM ROS RS8000A
RUGGEDCOM ROS RS8000H
RUGGEDCOM ROS RS8000T
RUGGEDCOM ROS RSG2100
RUGGEDCOM ROS RSG2100P
RUGGEDCOM ROS RSG2200
RUGGEDCOM ROS RMC8388
RUGGEDCOM ROS RS416V2
RUGGEDCOM ROS RS900 (32M)
RUGGEDCOM ROS RS900G (32M)
RUGGEDCOM ROS RSG907R
RUGGEDCOM ROS RSG908C
RUGGEDCOM ROS RSG909R
RUGGEDCOM ROS RSG910C
RUGGEDCOM ROS RSG920P
RUGGEDCOM ROS RSG2100 (32M)
RUGGEDCOM ROS RSG2288
RUGGEDCOM ROS RSG2300
RUGGEDCOM ROS RSG2300P
RUGGEDCOM ROS RSG2488
RUGGEDCOM ROS RSL910
RUGGEDCOM ROS RST916C
RUGGEDCOM ROS RST916P
RUGGEDCOM ROS RST2228
RUGGEDCOM ROS RST2228P
Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the console. A remote user can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
