Siemens Scalance S615 Firmware vulnerabilities

18 known vulnerabilities affecting siemens/scalance_s615_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL1HIGH10MEDIUM5LOW2

Vulnerabilities

Page 1 of 1

CVE-2024-50557HIGHCVSS 8.6fixed in 8.22024-11-12

CVE-2024-50557 [HIGH] CWE-20 CVE-2024-50557: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1

nvd

CVE-2024-50572HIGHCVSS 8.6fixed in 8.22024-11-12

CVE-2024-50572 [HIGH] CWE-74 CVE-2024-50572: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1

nvd

CVE-2024-50558MEDIUMCVSS 5.3fixed in 8.22024-11-12

CVE-2024-50558 [MEDIUM] CWE-284 CVE-2024-50558: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK581

nvd

CVE-2024-50559MEDIUMCVSS 5.1fixed in 8.22024-11-12

CVE-2024-50559 [MEDIUM] CWE-22 CVE-2024-50559: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812

nvd

CVE-2024-50561MEDIUMCVSS 5.1fixed in 8.22024-11-12

CVE-2024-50561 [MEDIUM] CWE-79 CVE-2024-50561: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812

nvd

CVE-2024-50560LOWCVSS 2.3fixed in 8.22024-11-12

CVE-2024-50560 [LOW] CWE-20 CVE-2024-50560: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1B

nvd

CVE-2022-31766HIGHCVSS 8.6fixed in 7.1.22022-10-11

CVE-2022-31766 [HIGH] CWE-20 CVE-2022-31766: A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All version A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 = V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial

nvd

CVE-2021-22924LOWCVSS 3.7fixed in 7.12021-08-05

CVE-2021-22924 [LOW] CWE-20 CVE-2021-22924: libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or c

nvd

CVE-2020-28400HIGHCVSS 8.7fixed in 6.42021-07-13

CVE-2020-28400 [HIGH] CWE-770 CVE-2020-28400: Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.

nvd

CVE-2021-3449MEDIUMCVSS 5.9≥ 6.22021-03-25

CVE-2021-3449 [MEDIUM] CWE-476 CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a cr

nvd

CVE-2021-25667HIGHCVSS 8.8≥ 4.3, < 6.42021-03-15

CVE-2021-25667 [HIGH] CWE-121 CVE-2021-25667: A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and = V4.3 and = V4.3 and = V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions

nvd

CVE-2021-25676HIGHCVSS 7.5v6.32021-03-15

CVE-2021-25676 [HIGH] CWE-307 CVE-2021-25676: A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Multiple failed SSH authentication attempts could trigger a temporary Denial-of-Service under certain conditions. When triggered, the device will reboot automatically.

nvd

CVE-2019-13946HIGHCVSS 7.5fixed in 4.32020-02-11

CVE-2019-13946 [HIGH] CWE-400 CVE-2019-13946: Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation wh Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack. The security vulnerability could be

nvd

CVE-2018-5391HIGHCVSS 7.5Exploitedfixed in 6.12018-09-06

CVE-2018-5391 [HIGH] CWE-400 CVE-2018-5391: The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of speci The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current

nvd

CVE-2017-14491CRITICALCVSS 9.8PoCfixed in 5.02017-10-04

CVE-2017-14491 [CRITICAL] CWE-787 CVE-2017-14491: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of servi Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

nvd

CVE-2017-2681HIGHCVSS 7.1fixed in 4.032017-05-11

CVE-2017-2681 [HIGH] CWE-400 CVE-2017-2681: Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected pro Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected.

nvd

CVE-2017-2680HIGHCVSS 7.1fixed in 4.032017-05-11

CVE-2017-2680 [HIGH] CWE-400 CVE-2017-2680: Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affect Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected.

nvd

CVE-2016-7090MEDIUMCVSS 4.0≤ 4.012016-09-29

CVE-2016-7090 [MEDIUM] CWE-200 CVE-2016-7090: The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

nvd