阿里云漏洞库

漏洞描述

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 (All versions >= V1.1.0), SCALANCE WAM766-1 6GHz (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC (All versions >= V1.1.0), SCALANCE WAM766-1 EEC 6GHz (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM763-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 (All versions >= V1.1.0), SCALANCE WUM766-1 6GHz (All versions >= V1.1.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service and reboot the device thus possibly affecting other network resources.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	siemens	ruggedcom_rm1224_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m804pb_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m812-1_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m816-1_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m826-2_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m874-2_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m874-3_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m876-3_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_m876-4_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_mum853-1_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_mum856-1_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_s615_firmware	*		Up to (excluding) 7.1.2
	运行在以下环境
	系统	siemens	scalance_wam763-1_firmware	*	From (including) 1.1.0
	运行在以下环境
	系统	siemens	scalance_wam766-1_firmware	*	From (including) 1.1.0
	运行在以下环境
	系统	siemens	scalance_wum763-1_firmware	*	From (including) 1.1.0
	运行在以下环境
	系统	siemens	scalance_wum766-1_firmware	*	From (including) 1.1.0
	运行在以下环境
	硬件	siemens	ruggedcom_rm1224	-	-
	运行在以下环境
	硬件	siemens	scalance_m804pb	-	-
	运行在以下环境
	硬件	siemens	scalance_m812-1	-	-
	运行在以下环境
	硬件	siemens	scalance_m816-1	-	-
	运行在以下环境
	硬件	siemens	scalance_m826-2	-	-
	运行在以下环境
	硬件	siemens	scalance_m874-2	-	-
	运行在以下环境
	硬件	siemens	scalance_m874-3	-	-
	运行在以下环境
	硬件	siemens	scalance_m876-3	-	-
	运行在以下环境
	硬件	siemens	scalance_m876-4	-	-
	运行在以下环境
	硬件	siemens	scalance_mum853-1	-	-
	运行在以下环境
	硬件	siemens	scalance_mum856-1	-	-
	运行在以下环境
	硬件	siemens	scalance_s615	-	-
	运行在以下环境
	硬件	siemens	scalance_wam763-1	-	-
	运行在以下环境
	硬件	siemens	scalance_wam766-1	-	-
	运行在以下环境
	硬件	siemens	scalance_wum763-1	-	-
	运行在以下环境
硬件	siemens	scalance_wum766-1	-	-

攻击路径

网络
攻击复杂度

低
权限要求

无
影响范围

已更改
用户交互

无
可用性

高
保密性

无
完整性

无

CWE-ID	漏洞类型
CWE-20	输入验证不恰当

siemens ruggedcom_rm1224_firmware 输入验证不恰当

漏洞描述

解决建议

参考链接

受影响软件情况