CVE-2022-31766

CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.6HIGH

EPSS

1.0%

top 23.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Rm1224 Lte(4g) EU Siemens Ruggedcom Rm1224 Lte(4g) NAM Siemens Scalance M804pb +39 more

Timeline

PublishedOct 11

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages42 packages

▶NVDsiemens/ruggedcom_rm1224_firmware< 7.1.2

▶CVEListV5siemens/ruggedcom_rm1224_lte(4g)_eu< V7.1.2

▶CVEListV5siemens/ruggedcom_rm1224_lte(4g)_nam< V7.1.2

▶CVEListV5siemens/scalance_m804pb< V7.1.2

▶CVEListV5siemens/scalance_m874-2< V7.1.2

🔴Vulnerability Details

CVEList

CVE-2022-31766: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions = V1↗2022-10-11

▶

GHSA

GHSA-gh7w-58g5-rmwx: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions = V1↗2022-10-11

▶