CVE-2022-31766

Published: Oct 11, 2022

Modified: Apr 21, 2025

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V7.1.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V7.1.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V7.1.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V7.1.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V7.1.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V7.1.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V7.1.2), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions >= V1.1.0 < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions >= V1.1.0 < V3.0.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.

Vendor	Product	Versions
Siemens	RUGGEDCOM RM1224 LTE(4G) EU	affected `0 - < V7.1.2`
Siemens	RUGGEDCOM RM1224 LTE(4G) NAM	affected `0 - < V7.1.2`
Siemens	SCALANCE M804PB	affected `0 - < V7.1.2`
Siemens	SCALANCE M812-1 ADSL-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE M812-1 ADSL-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE M816-1 ADSL-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE M816-1 ADSL-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE M826-2 SHDSL-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE M874-2	affected `0 - < V7.1.2`
Siemens	SCALANCE M874-3	affected `0 - < V7.1.2`
Siemens	SCALANCE M876-3	affected `0 - < V7.1.2`
Siemens	SCALANCE M876-3 (ROK)	affected `0 - < V7.1.2`
Siemens	SCALANCE M876-4	affected `0 - < V7.1.2`
Siemens	SCALANCE M876-4 (EU)	affected `0 - < V7.1.2`
Siemens	SCALANCE M876-4 (NAM)	affected `0 - < V7.1.2`
Siemens	SCALANCE MUM853-1 (EU)	affected `0 - < V7.1.2`
Siemens	SCALANCE MUM856-1 (EU)	affected `0 - < V7.1.2`
Siemens	SCALANCE MUM856-1 (RoW)	affected `0 - < V7.1.2`
Siemens	SCALANCE S615 EEC LAN-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE S615 LAN-Router	affected `0 - < V7.1.2`
Siemens	SCALANCE WAM763-1	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WAM766-1	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WAM766-1 (US)	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WAM766-1 EEC	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WAM766-1 EEC (US)	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WUM763-1	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WUM763-1	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WUM766-1	affected `V1.1.0 - < V3.0.0`
Siemens	SCALANCE WUM766-1 (USA)	affected `V1.1.0 - < V3.0.0`

Weaknesses (CWE)

CWE-20

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

References

https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf

https://cert-portal.siemens.com/productcert/html/ssa-697140.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31766

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References