CVE-2024-50557

Improper Input Validation (CWE-20)

Published: Nov 12, 2024 / Updated: 7d ago

CVSS 8.6 / EPSS 0.07% / High

Summary

A vulnerability has been identified in multiple Siemens RUGGEDCOM and SCALANCE devices running firmware versions prior to V8.2. The affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device.

Impact

This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the affected devices. Given the nature of these industrial communication devices, successful exploitation could lead to unauthorized control of industrial networks, potential disruption of operations, and compromise of sensitive data. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical), indicating a severe risk with high impacts on confidentiality, integrity, and availability.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Siemens has released firmware version 8.2 which addresses this vulnerability. Users are strongly advised to update their devices to this version.

Mitigation

1. Update all affected devices to firmware version 8.2 or later.
2. If immediate patching is not possible, implement network segmentation and restrict access to the affected devices.
3. Monitor for any suspicious activities or unauthorized access attempts to these devices.
4. Disable the iperf functionality if it's not required for operations.
5. Implement strong access controls and authentication mechanisms for device management interfaces.
6. Regularly review and audit device configurations and access logs.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-50557

Nov 12, 2024 at 1:15 PM
CVSS

A CVSS base score of 7.2 has been assigned.

Nov 12, 2024 at 1:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-50557.

Nov 12, 2024 at 1:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 12, 2024 at 1:24 PM
CVSS

A CVSS base score of 9.8 has been assigned.

Nov 13, 2024 at 8:00 PM / nvd
EPSS

EPSS Score was set to: 0.07% (Percentile: 30.4%)

Nov 13, 2024 at 8:00 PM
Threat Intelligence Report

CVE-2024-50557 is a vulnerability with a CVSS v3 base score of 7.2 and a CVSS v4 base score of 8.6, indicating a significant level of criticality. The details provided do not specify whether it is actively exploited in the wild, nor do they mention the availability of proof-of-concept exploits, mitigations, detections, or patches. Additionally, there is no information regarding potential downstream impacts on third-party vendors or technology.

Nov 14, 2024 at 2:42 PM

Affected Systems

Siemens/scalance_mum853-1_(eu)_firmware

Patches

cert-portal.siemens.com

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

References

Siemens SCALANCE M-800 Family
Vulnerabilities: Out-of-bounds Read, Missing Encryption of Sensitive Data, Integer Overflow or Wraparound, Uncontrolled Resource Consumption, Excessive Iteration, Use After Free, Improper Output Neutralization for Logs, Observable Discrepancy, Improper Locking, Missing Release of Resource after Effective Lifetime, Improper Input Validation, Improper Access Control, Path Traversal, Cross-site Scripting, Injection. Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service. This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use).

News

Siemens (CVE-2024-50557)
This could allow an unauthenticated remote attacker to execute arbitrary code on the device. Tenable OT Security Plugin ID 502659 with Critical Severity
Tenable.ot checks for NVD CVE-2024-50557
Testing Last Updated: 11/13/2024 CVEs: CVE-2024-50557
High - CVE-2024-50557 - A vulnerability has been identified in...
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE...
CVE-2024-50557 | Siemens RUGGEDCOM RM1224 LTE(4G) EU up to 8.1 iperf input validation (ssa-354112)
A vulnerability, which was classified as critical, has been found in Siemens RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router, SCALANCE M816-1 ADSL-Router, SCALANCE M826-2 SHDSL-Router, SCALANCE M874-2, SCALANCE M874-3, SCALANCE M874-3 3G-Router (CN), SCALANCE M876-3, SCALANCE M876-3 (ROK), SCALANCE M876-4, SCALANCE M876-4 (EU), SCALANCE M876-4 (NAM), SCALANCE MUM853-1 (A1), SCALANCE MUM853-1 (B1), SCALANCE MUM853-1 (EU), SCALANCE MUM856-1 (A1), SCALANCE MUM856-1 (B1), SCALANCE MUM856-1 (CN), SCALANCE MUM856-1 (EU), SCALANCE MUM856-1 (RoW), SCALANCE S615 EEC LAN-Router and SCALANCE S615 LAN-Router up to 8.1. This issue affects some unknown processing of the component iperf. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-50557. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
