Denial of Service Vulnerability in Siemens Products due to SSL/TLS Parameter Handling
CVE-2022-36324
7.5HIGH
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 10 August 2022
What is CVE-2022-36324?
A vulnerability exists in certain Siemens devices where improper handling of SSL/TLS parameter renegotiation can be exploited by unauthenticated remote attackers. This vulnerability allows attackers to bypass built-in TCP brute force prevention mechanisms, potentially leading to a denial of service condition. As a result, affected devices may become unresponsive for an extended period during the attack, impacting availability and service continuity.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU All versions < V7.1.2
RUGGEDCOM RM1224 LTE(4G) NAM All versions < V7.1.2
SCALANCE M804PB All versions < V7.1.2