Skip to main content

Scalance S615 Firmware

22 CVEs product

Monthly

CVE-2024-50572 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
8.6
EPSS
0.6%
CVE-2024-50561 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-50560 LOW PATCH Monitor

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-50559 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
5.1
EPSS
0.3%
CVE-2024-50558 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Siemens Denial Of Service Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +24
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-50557 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware +23
NVD
CVSS 4.0
8.6
EPSS
0.9%
CVE-2022-46143 MEDIUM This Month

Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2022-46142 MEDIUM This Month

Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
5.2
EPSS
0.3%
CVE-2022-46140 HIGH This Week

Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2022-31766 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Ruggedcom Rm1224 Firmware Scalance M804Pb Firmware Scalance M812 1 Firmware +13
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2022-36325 MEDIUM CISA This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-36324 HIGH CISA Act Now

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scalance M 800 Firmware Scalance S615 Firmware Scalance W700 Ieee 802 11Ax Firmware Scalance W700 Ieee 802 11N Firmware +80
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-36323 CRITICAL PATCH CISA Act Now

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2021-22924 LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Cloud Backup +29
NVD
CVSS 3.1
3.7
EPSS
6.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2021-25676 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Firmware Scalance M 800 Firmware Scalance S615 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25667 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Siemens Ruggedcom Rm1224 Firmware +14
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2018-5391 HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +48
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2017-14491 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service RCE Dnsmasq +20
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.8%
Threat
5.2
CVE-2017-2681 HIGH This Week

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp 343 1 Std Firmware Simatic Cp 343 1 Lean Firmware Simatic Cp 343 1 Adv Firmware Simatic Cp 443 1 Std Firmware +75
NVD
CVSS 4.0
7.1
EPSS
0.4%
CVE-2017-2680 HIGH This Week

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp 343 1 Std Firmware Simatic Cp 343 1 Lean Firmware Simatic Cp 343 1 Adv Firmware Simatic Cp 443 1 Std Firmware +89
NVD
CVSS 4.0
7.1
EPSS
2.3%
CVE-2016-7090 MEDIUM This Month

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens Scalance M 800 Firmware Scalance S615 Firmware
NVD
CVSS 3.0
4.0
EPSS
0.3%
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable.

Information Disclosure Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Siemens Denial Of Service +26
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity.

RCE Siemens Ruggedcom Rm1224 Lte 4G Eu Firmware +25
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +99
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +99
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +99
NVD
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Siemens Ruggedcom Rm1224 Firmware +15
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware +88
NVD VulDB
EPSS 1% CVSS 7.5
HIGH Act Now

Affected devices do not properly handle the renegotiation of SSL/TLS parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Scalance M 800 Firmware Scalance S615 Firmware +82
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Scalance M 800 Firmware Scalance S615 Firmware +88
NVD VulDB
EPSS 6% CVSS 3.7
LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +31
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions >= V2.1 and < V2.1.3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Ruggedcom Rm1224 Firmware +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow +16
NVD VulDB
EPSS 25% CVSS 7.5
HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +50
NVD
EPSS 58% 5.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service +22
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH This Week

Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp 343 1 Std Firmware Simatic Cp 343 1 Lean Firmware +77
NVD
EPSS 2% CVSS 7.1
HIGH This Week

Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Simatic Cp 343 1 Std Firmware Simatic Cp 343 1 Lean Firmware +91
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens Scalance M 800 Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy