Vulnerability Details : CVE-2022-31766
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.1.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.1.2), SCALANCE M874-2 (All versions < V7.1.2), SCALANCE M874-3 (All versions < V7.1.2), SCALANCE M876-3 (EVDO) (All versions < V7.1.2), SCALANCE M876-3 (ROK) (All versions < V7.1.2), SCALANCE M876-4 (All versions < V7.1.2), SCALANCE M876-4 (EU) (All versions < V7.1.2), SCALANCE M876-4 (NAM) (All versions < V7.1.2), SCALANCE MUM853-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (EU) (All versions < V7.1.2), SCALANCE MUM856-1 (RoW) (All versions < V7.1.2), SCALANCE S615 (All versions < V7.1.2), SCALANCE S615 EEC (All versions < V7.1.2), SCALANCE WAM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 (US) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WAM766-1 EEC (US) (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM763-1 (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (EU) (All versions >= V1.1.0 < V2.0), SCALANCE WUM766-1 (US) (All versions >= V1.1.0 < V2.0). Affected devices with TCP Event service enabled do not properly handle malformed packets. This could allow an unauthenticated remote attacker to cause a denial of service condition and reboot the device thus possibly affecting other network resources.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2022-31766
- cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_wam763-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_wam766-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_wam766-1_firmware:*:*:*:*:*:*:ecc:*
- cpe:2.3:o:siemens:scalance_wum763-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_wum766-1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_mum853-1_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-31766
- 0.17%: Probability of exploitation activity in the next 30 days
- ~53%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-31766
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 3.9 | 4.0 | NIST | |
8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 3.9 | 4.0 | Siemens AG | |
CWE ids for CVE-2022-31766
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: productcert@siemens.com (Primary)
References for CVE-2022-31766
- https://cert-portal.siemens.com/productcert/pdf/ssa-697140.pdf (Vendor Advisory)