CVE-2024-50561

MEDIUM EPSS 19.3%
Published Nov 12, 20241y ago · Modified Jun 17, 20261w ago
5.1 CVSS 4.0
Medium
Find Similar
Published Nov 12, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system.

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
19.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 52

VendorProductVersionRange
siemensruggedcom_rm1224_lte\(4g\)_eu_firmware* <8.2
siemensruggedcom_rm1224_lte\(4g\)_eu*any
siemensruggedcom_rm1224_lte\(4g\)_nam_firmware* <8.2
siemensruggedcom_rm1224_lte\(4g\)_nam*any
siemensscalance_m804pb_firmware* <8.2
siemensscalance_m804pb*any
siemensscalance_m812-1_\(annex_a\)_firmware* <8.2
siemensscalance_m812-1_\(annex_a\)*any
siemensscalance_m812-1_\(annex_b\)_firmware* <8.2
siemensscalance_m812-1_\(annex_b\)*any
siemensscalance_m816-1_\(annex_a\)_firmware* <8.2
siemensscalance_m816-1_\(annex_a\)*any
siemensscalance_m816-1_\(annex_b\)_firmware* <8.2
siemensscalance_m816-1_\(annex_b\)*any
siemensscalance_m826-2_firmware* <8.2
siemensscalance_m826-2*any
siemensscalance_m874-2_firmware* <8.2
siemensscalance_m874-2*any
siemensscalance_m874-3_firmware* <8.2
siemensscalance_m874-3*any
siemensscalance_m874-3_\(cn\)_firmware* <8.2
siemensscalance_m874-3_\(cn\)*any
siemensscalance_m876-3_firmware* <8.2
siemensscalance_m876-3*any
siemensscalance_m876-3_\(rok\)_firmware* <8.2
siemensscalance_m876-3_\(rok\)*any
siemensscalance_m876-4_firmware* <8.2
siemensscalance_m876-4*any
siemensscalance_m876-4_\(eu\)_firmware* <8.2
siemensscalance_m876-4_\(eu\)*any
siemensscalance_m876-4_\(nam\)_firmware* <8.2
siemensscalance_m876-4_\(nam\)*any
siemensscalance_mum853-1_\(a1\)_firmware* <8.2
siemensscalance_mum853-1_\(a1\)*any
siemensscalance_mum853-1_\(b1\)_firmware* <8.2
siemensscalance_mum853-1_\(b1\)*any
siemensscalance_mum853-1_\(eu\)_firmware* <8.2
siemensscalance_mum853-1_\(eu\)*any
siemensscalance_mum856-1_\(a1\)_firmware* <8.2
siemensscalance_mum856-1_\(a1\)*any
siemensscalance_mum856-1_\(b1\)_firmware* <8.2
siemensscalance_mum856-1_\(b1\)*any
siemensscalance_mum856-1_\(cn\)_firmware* <8.2
siemensscalance_mum856-1_\(cn\)*any
siemensscalance_mum856-1_\(eu\)_firmware* <8.2
siemensscalance_mum856-1_\(eu\)*any
siemensscalance_mum856-1_\(row\)_firmware* <8.2
siemensscalance_mum856-1_\(row\)*any
siemensscalance_s615_eec_firmware* <8.2
siemensscalance_s615_eec*any
siemensscalance_s615_firmware* <8.2
siemensscalance_s615*any

References 2

Remediation