Denial of Service in RUGGEDCOM and SCALANCE Products by Siemens
CVE-2022-31766
8.6 HIGH
Key Information:
- Vendor: Siemens
- Status: Vendor
- CVE Published: 11 October 2022
What is CVE-2022-31766?
A vulnerability has been found in select RUGGEDCOM and SCALANCE devices: when the TCP Event service is enabled, affected devices do not properly handle malformed packets. An unauthenticated remote attacker could use this to cause a denial of service, resulting in a device reboot and potential impact on network resources. Users are encouraged to update to version V7.1.2 or higher to mitigate this risk.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU 0
RUGGEDCOM RM1224 LTE(4G) NAM 0
SCALANCE M804PB 0