Input Validation Vulnerability in iperf Functionality Could Allow Arbitrary Code Execution
CVE-2024-50557

9.8CRITICAL

Key Information:

Vendor

Siemens
Status
Ruggedcom Rm1224 Lte(4g) Eu
Ruggedcom Rm1224 Lte(4g) Nam
Scalance M804pb
Scalance M812-1 Adsl-router
Vendor
CVE Published:
12 November 2024

What is CVE-2024-50557?

A significant input validation issue has been discovered in various RUGGEDCOM RM1224 and SCALANCE M-series devices produced by Siemens. The flaw resides in the configuration fields related to the iperf functionality, which do not validate inputs properly. This oversight could enable an unauthorized remote attacker to execute arbitrary code on the affected devices, presenting serious security concerns for networks using these products. Immediate action is recommended to mitigate potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3541...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.