Description
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
References (3)
Core 3
Scores
CVSS v3
9.1
EPSS
0.0056
EPSS Percentile
68.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-74
Status
published
Products (50)
Siemens/RUGGEDCOM RM1224 LTE(4G) EU
< V7.1.2
Siemens/RUGGEDCOM RM1224 LTE(4G) NAM
< V7.1.2
Siemens/SCALANCE M804PB
< V7.1.2
Siemens/SCALANCE M812-1 ADSL-Router
< V7.1.2
Siemens/SCALANCE M816-1 ADSL-Router
< V7.1.2
Siemens/SCALANCE M826-2 SHDSL-Router
< V7.1.2
Siemens/SCALANCE M874-2
< V7.1.2
Siemens/SCALANCE M874-3
< V7.1.2
Siemens/SCALANCE M876-3
< V7.1.2
Siemens/SCALANCE M876-3 (ROK)
< V7.1.2
... and 40 more
Published
Aug 10, 2022
Tracked Since
Feb 18, 2026