CVE-2022-31766

Published: Oct 11, 2022Modified: Apr 10, 2025

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.1.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.1.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.1.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.1.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.1.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.1.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.1.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions >= V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.

Affected (17)

Products: Siemens: Ruggedcom Rm1224 Firmware, Scalance M804pb Firmware, Scalance M812 1 Firmware, Scalance M816 1 Firmware, Scalance M826 2 Firmware, Scalance M874 2 Firmware, Scalance M874 3 Firmware, Scalance M876 3 Firmware, Scalance M876 4 Firmware, Scalance Mum853 1 Firmware, Scalance Mum856 1 Firmware, Scalance S615 Firmware, Scalance Wam763 1 Firmware, Scalance Wam766 1 Firmware, Scalance Wum763 1 Firmware, Scalance Wum766 1 Firmware

Siemens

16 products

Ruggedcom Rm1224 Firmware

Scalance M804pb Firmware

Scalance M812 1 Firmware

Scalance M816 1 Firmware

Scalance M826 2 Firmware

Scalance M874 2 Firmware

Scalance M874 3 Firmware

Scalance M876 3 Firmware

Scalance M876 4 Firmware

Scalance Mum853 1 Firmware

Scalance Mum856 1 Firmware

Scalance S615 Firmware

Scalance Wam763 1 Firmware

Scalance Wam766 1 Firmware

Scalance Wum763 1 Firmware

Scalance Wum766 1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Rm1224 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Ruggedcom Rm1224	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M804pb Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M804pb	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M812 1 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M812 1	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M816 1 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M816 1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M826 2 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M826 2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M874 2 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M874 2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M874 3 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M874 3	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M876 3 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M876 3	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance M876 4 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance M876 4	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Mum853 1 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance Mum853 1	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Mum856 1 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance Mum856 1	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance S615 Firmware	Before 7.1.2

Running on/with	Platform Versions
Siemens Scalance S615	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Wam763 1 Firmware	From 1.1.0

Running on/with	Platform Versions
Siemens Scalance Wam763 1	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Wam766 1 Firmware	From 1.1.0

Running on/with	Platform Versions
Siemens Scalance Wam766 1	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Wum763 1 Firmware	From 1.1.0

Running on/with	Platform Versions
Siemens Scalance Wum763 1	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Wum766 1 Firmware	From 1.1.0

Running on/with	Platform Versions
Siemens Scalance Wum766 1	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Wam766 1 Firmware	From 1.1.0

Running on/with	Platform Versions
Siemens Scalance Wam766 1	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

https://cert-portal.siemens.com/productcert/html/ssa-697140.html

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.