Input Validation Vulnerability in iperf Functionality Could Allow Arbitrary Code Execution
CVE-2024-50557

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-50557?

A significant input validation issue has been discovered in various RUGGEDCOM RM1224 and SCALANCE M-series devices produced by Siemens. The flaw resides in the configuration fields related to the iperf functionality, which do not validate inputs properly. This oversight could enable an unauthorized remote attacker to execute arbitrary code on the affected devices, presenting serious security concerns for networks using these products. Immediate action is recommended to mitigate potential exploits.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3541...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024
Vulnerability Reserved
Oct 24, 2024