Skip to main content

Scalance Sc636 2C Firmware

10 CVEs product

Monthly

CVE-2022-46143 MEDIUM This Month

Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
5.1
EPSS
0.7%
CVE-2022-46142 MEDIUM This Month

Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
5.2
EPSS
0.3%
CVE-2022-46140 HIGH This Week

Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware Scalance M804Pb Firmware Scalance M812 1 Adsl Router Firmware +97
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2022-36325 MEDIUM CISA This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-36323 CRITICAL PATCH CISA Act Now

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Scalance M 800 Firmware Scalance S615 Firmware Scalance Sc 600 Firmware Scalance Sc622 2C Firmware +86
NVD VulDB
CVSS 3.1
9.1
EPSS
0.5%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-30065 HIGH POC This Week

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption RCE Busybox +6
NVD VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-41991 HIGH PATCH This Week

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Strongswan Debian Linux Fedora +22
NVD GitHub
CVSS 3.1
7.5
EPSS
4.8%
CVE-2021-25667 HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow Siemens Ruggedcom Rm1224 Firmware +14
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
EPSS 1% CVSS 5.1
MEDIUM This Month

Affected devices do not check the TFTP blocksize correctly. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +99
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Affected devices store the CLI user passwords encrypted in flash memory. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +99
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Affected devices use a weak encryption scheme to encrypt the debug zip file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ruggedcom Rm1224 Lte 4G Eu Firmware Ruggedcom Rm1224 Lte 4G Nam Firmware +99
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Affected devices do not properly sanitize data introduced by an user when rendering the web interface. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scalance M 800 Firmware Scalance S615 Firmware +88
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Affected devices do not properly sanitize an input field. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Scalance M 800 Firmware Scalance S615 Firmware +88
NVD VulDB
EPSS 32% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 27% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +8
NVD VulDB
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Strongswan +24
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Stack Overflow +16
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy