CVE-2022-34821 — Code Injection in Siemens Ruggedcom Rm1224 LTE EU

CWE-94 — Code Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Ruggedcom Rm1224 LTE EU Siemens Ruggedcom Rm1224 LTE NAM Siemens Scalance M804pb +47 more

Timeline

PublishedJul 12

Latest updateJul 13

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2A…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages50 packages

▶CVEListV5siemens/scalance_m812-1_adsl-router< V7.2

▶CVEListV5siemens/scalance_m816-1_adsl-router< V7.2

▶CVEListV5siemens/scalance_s615_lan-router< V7.2

▶CVEListV5siemens/scalance_m826-2_shdsl-router< V7.2

▶CVEListV5siemens/scalance_s615_eec_lan-router< V7.2

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-xx9f-xg2j-c647: A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions),↗2022-07-13

▶

CVEList

CVE-2022-34821: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M↗2022-07-12

▶