| Summary | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system. |
|---|---|
| Publication Date | Nov. 12, 2024, 10:15 p.m. |
| Registration Date | Nov. 13, 2024, 5:01 a.m. |
| Last Update | Nov. 14, 2024, 4:56 a.m. |
| CVSS3.1 : MEDIUM | |
| Score | 4.3 |
|---|---|
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | Low |
| User Interaction (UI) | None |
| Scope (S) | Unchanged |
| Confidentiality Impact (C) | None |
| Integrity Impact (I) | Low |
| Availability Impact (A) | None |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:* | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:* | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:* | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m812-1_\(annex_a\):-:*:*:*:*:*:*:* | ||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m812-1_\(annex_b\):-:*:*:*:*:*:*:* | ||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m816-1_\(annex_a\):-:*:*:*:*:*:*:* | ||||
| Configuration7 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m816-1_\(annex_b\):-:*:*:*:*:*:*:* | ||||
| Configuration8 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:* | ||||
| Configuration9 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:* | ||||
| Configuration10 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:* | ||||
| Configuration11 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m874-3_\(cn\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m874-3_\(cn\):-:*:*:*:*:*:*:* | ||||
| Configuration12 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:* | ||||
| Configuration13 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-3_\(rok\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-3_\(rok\):-:*:*:*:*:*:*:* | ||||
| Configuration14 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:* | ||||
| Configuration15 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-4_\(eu\):-:*:*:*:*:*:*:* | ||||
| Configuration16 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_m876-4_\(nam\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_m876-4_\(nam\):-:*:*:*:*:*:*:* | ||||
| Configuration17 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum853-1_\(a1\):-:*:*:*:*:*:*:* | ||||
| Configuration18 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum853-1_\(b1\):-:*:*:*:*:*:*:* | ||||
| Configuration19 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum853-1_\(eu\):-:*:*:*:*:*:*:* | ||||
| Configuration20 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(a1\):-:*:*:*:*:*:*:* | ||||
| Configuration21 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(b1\):-:*:*:*:*:*:*:* | ||||
| Configuration22 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(cn\):-:*:*:*:*:*:*:* | ||||
| Configuration23 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(eu\):-:*:*:*:*:*:*:* | ||||
| Configuration24 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_mum856-1_\(row\):-:*:*:*:*:*:*:* | ||||
| Configuration25 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_s615_eec_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_s615_eec:-:*:*:*:*:*:*:* | ||||
| Configuration26 | or higher | or less | more than | less than | |
| cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:* | 8.2 | ||||
| execution environment | |||||
| 1 | cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:* | ||||
| Title | Path traversal vulnerability in multiple Siemens products |
|---|---|
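| Summary | Multiple Siemens products, including ruggedcom rm1224 lte(4g) eu firmware, ruggedcom rm1224 lte(4g) nam firmware, and scalance m804pb firmware, contain a path traversal vulnerability. |
| Possible impacts | Information may be tampered with. |
| Solution | A vendor advisory or patch information has been published. Refer to the reference information and apply the appropriate countermeasures. |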
| Publication Date | Nov. 12, 2024, midnight |
| Registration Date | Nov. 14, 2024, 10:35 a.m. |
| Last Update | Nov. 19, 2024, 3:05 p.m. |
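| Siemens |
| ruggedcom rm1224 lte(4g) eu firmware, versions earlier than 8.2 |
| ruggedcom rm1224 lte(4g) nam firmware, versions earlier than 8.2 |
| scalance m804pb firmware, versions earlier than 8.2 |
| scalance m812-1 (annex a) firmware, versions earlier than 8.2 |
| scalance m812-1 (annex b) firmware, versions earlier than 8.2 |
| scalance m816-1 (annex a) firmware, versions earlier than 8.2 |
| scalance m816-1 (annex b) firmware, versions earlier than 8.2 |
| scalance m826-2 firmware, versions earlier than 8.2 |
| scalance m874-2 firmware, versions earlier than 8.2 |
| scalance m874-3 (cn) firmware, versions earlier than 8.2 |
| scalance m874-3 firmware, versions earlier than 8.2 |
| scalance m876-3 (rok) firmware, versions earlier than 8.2 |
| scalance m876-3 firmware, versions earlier than 8.2 |
| scalance m876-4 (eu) firmware, versions earlier than 8.2 |
| scalance m876-4 (nam) firmware, versions earlier than 8.2 |
| scalance m876-4 firmware, versions earlier than 8.2 |
| scalance mum853-1 (a1) firmware, versions earlier than 8.2 |
| scalance mum853-1 (b1) firmware, versions earlier than 8.2 |
| scalance mum853-1 (eu) firmware, versions earlier than 8.2 |
| scalance mum856-1 (a1) firmware, versions earlier than 8.2 |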
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [November 14, 2024] Published | Nov. 14, 2024, 10:35 a.m. |
| 2 | [November 19, 2024] Added reference: JVN (JVNVU#96191615); added reference: ICS-CERT ADVISORY (ICSA-24-319-06) | Nov. 18, 2024, 4:42 p.m. |