Denial of Service in RUGGEDCOM and SCALANCE Products by Siemens
CVE-2022-31766

8.6HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router
Vendor: CVE Published:; 11 October 2022

What is CVE-2022-31766?

A vulnerability has been found in select RUGGEDCOM and SCALANCE devices, where enabling TCP Event service can lead to improper handling of malformed packets. This can lead to an unauthenticated remote attacker causing a denial of service, resulting in device reboot and potential impact on network resources. Users are encouraged to update to versions V7.1.2 or higher to mitigate this risk.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-69714...

https://cert-portal.siemens.com/productcert/html/ssa-6971...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2022
Vulnerability Reserved
May 27, 2022