| Summary | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices. |
|---|---|
| Publication Date | Aug. 13, 2024, 5:15 p.m. |
| Registration Date | Aug. 26, 2024, 5:03 p.m. |
| Last Update | Aug. 24, 2024, 3:39 a.m. |
| CVSS3.1 : HIGH | |
| スコア | 8.0 |
|---|---|
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 低 |
| 攻撃に必要な特権レベル(PR) | 低 |
| 利用者の関与(UI) | 要 |
| 影響の想定範囲(S) | 変更なし |
| 機密性への影響(C) | 高 |
| 完全性への影響(I) | 高 |
| 可用性への影響(A) | 高 |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m826-2_shdsl-router_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m826-2_shdsl-router:-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m874-3_3g-router_\(cn\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m874-3_3g-router_\(cn\):-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-3_\(rok\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-3_\(rok\):-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-4_\(eu\):-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-4_\(nam\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-4_\(nam\):-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum853-1_\(a1\):-:*:*:*:*:*:*:* | ||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum853-1_\(b1\):-:*:*:*:*:*:*:* | ||||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum853-1_\(eu\):-:*:*:*:*:*:*:* | ||||
| Configuration16 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(a1\):-:*:*:*:*:*:*:* | ||||
| Configuration17 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(b1\):-:*:*:*:*:*:*:* | ||||
| Configuration18 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(cn\):-:*:*:*:*:*:*:* | ||||
| Configuration19 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(eu\):-:*:*:*:*:*:*:* | ||||
| Configuration20 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(row\):-:*:*:*:*:*:*:* | ||||
| Configuration21 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_s615_eec_lan-router_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_s615_eec_lan-router:-:*:*:*:*:*:*:* | ||||
| Configuration22 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_s615_lan-router_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_s615_lan-router:-:*:*:*:*:*:*:* | ||||
| Configuration23 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m812-1_\(annex_a\):-:*:*:*:*:*:*:* | ||||
| Configuration24 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m812-1_\(annex_b\):-:*:*:*:*:*:*:* | ||||
| Configuration25 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m816-1_\(annex_a\):-:*:*:*:*:*:*:* | ||||
| Configuration26 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:* | 8.1 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m816-1_\(annex_b\):-:*:*:*:*:*:*:* | ||||
| Title | 複数のシーメンス製品における脆弱性 |
|---|---|
| Summary | ruggedcom rm1224 lte(4g) eu ファームウェア、ruggedcom rm1224 lte(4g) nam ファームウェア、scalance m804pb ファームウェア等複数のシーメンス製品には、不特定の脆弱性が存在します。 |
| Possible impacts | 情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。 |
| Publication Date | Aug. 13, 2024, midnight |
| Registration Date | Aug. 26, 2024, 2:28 p.m. |
| Last Update | Aug. 26, 2024, 2:28 p.m. |
| シーメンス |
| ruggedcom rm1224 lte(4g) eu ファームウェア 8.1 未満 |
| ruggedcom rm1224 lte(4g) nam ファームウェア 8.1 未満 |
| scalance m804pb ファームウェア 8.1 未満 |
| scalance m826-2 shdsl-router ファームウェア 8.1 未満 |
| scalance m874-2 ファームウェア 8.1 未満 |
| scalance m874-3 3g-router (cn) ファームウェア 8.1 未満 |
| scalance m874-3 ファームウェア 8.1 未満 |
| scalance m876-3 (rok) ファームウェア 8.1 未満 |
| scalance m876-3 ファームウェア 8.1 未満 |
| scalance m876-4 (eu) ファームウェア 8.1 未満 |
| scalance m876-4 (nam) ファームウェア 8.1 未満 |
| scalance m876-4 ファームウェア 8.1 未満 |
| scalance mum853-1 (a1) ファームウェア 8.1 未満 |
| scalance mum853-1 (b1) ファームウェア 8.1 未満 |
| scalance mum853-1 (eu) ファームウェア 8.1 未満 |
| scalance mum856-1 (a1) ファームウェア 8.1 未満 |
| scalance mum856-1 (b1) ファームウェア 8.1 未満 |
| scalance mum856-1 (cn) ファームウェア 8.1 未満 |
| scalance mum856-1 (eu) ファームウェア 8.1 未満 |
| scalance mum856-1 (row) ファームウェア 8.1 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2024年08月26日] 掲載 |
Aug. 26, 2024, 2:28 p.m. |