CVE-2024-50560

LOW
Published Nov 12, 2024 Modified Feb 11, 2025 CWE-20

Description

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity.

CVSS v3.1 Score

3.1
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-20 Improper Input Validation

Affected Products

Vendor Product
siemens ruggedcom_rm1224_lte\(4g\)_eu_firmware
siemens ruggedcom_rm1224_lte\(4g\)_eu
siemens ruggedcom_rm1224_lte\(4g\)_nam_firmware
siemens ruggedcom_rm1224_lte\(4g\)_nam
siemens scalance_m804pb_firmware
siemens scalance_m804pb
siemens scalance_m812-1_\(annex_a\)_firmware
siemens scalance_m812-1_\(annex_a\)
siemens scalance_m812-1_\(annex_b\)_firmware
siemens scalance_m812-1_\(annex_b\)
siemens scalance_m816-1_\(annex_a\)_firmware
siemens scalance_m816-1_\(annex_a\)
siemens scalance_m816-1_\(annex_b\)_firmware
siemens scalance_m816-1_\(annex_b\)
siemens scalance_m826-2_firmware
siemens scalance_m826-2
siemens scalance_m874-2_firmware
siemens scalance_m874-2
siemens scalance_m874-3_firmware
siemens scalance_m874-3
siemens scalance_m874-3_\(cn\)_firmware
siemens scalance_m874-3_\(cn\)
siemens scalance_m876-3_firmware
siemens scalance_m876-3
siemens scalance_m876-3_\(rok\)_firmware
siemens scalance_m876-3_\(rok\)
siemens scalance_m876-4_firmware
siemens scalance_m876-4
siemens scalance_m876-4_\(eu\)_firmware
siemens scalance_m876-4_\(eu\)
siemens scalance_m876-4_\(nam\)_firmware
siemens scalance_m876-4_\(nam\)
siemens scalance_mum853-1_\(a1\)_firmware
siemens scalance_mum853-1_\(a1\)
siemens scalance_mum853-1_\(b1\)_firmware
siemens scalance_mum853-1_\(b1\)
siemens scalance_mum853-1_\(eu\)_firmware
siemens scalance_mum853-1_\(eu\)
siemens scalance_mum856-1_\(a1\)_firmware
siemens scalance_mum856-1_\(a1\)
siemens scalance_mum856-1_\(b1\)_firmware
siemens scalance_mum856-1_\(b1\)
siemens scalance_mum856-1_\(cn\)_firmware
siemens scalance_mum856-1_\(cn\)
siemens scalance_mum856-1_\(eu\)_firmware
siemens scalance_mum856-1_\(eu\)
siemens scalance_mum856-1_\(row\)_firmware
siemens scalance_mum856-1_\(row\)
siemens scalance_s615_eec_firmware
siemens scalance_s615_eec
siemens scalance_s615_firmware
siemens scalance_s615

References

Frequently Asked Questions

What is CVE-2024-50560? +
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity. It has a CVSS v3.1 base score of 3.1 (LOW).
How severe is CVE-2024-50560? +
CVE-2024-50560 has a CVSS v3.1 score of 3.1 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2024-50560? +
CVE-2024-50560 affects products from siemens, specifically: ruggedcom_rm1224_lte\(4g\)_eu, ruggedcom_rm1224_lte\(4g\)_eu_firmware, ruggedcom_rm1224_lte\(4g\)_nam, ruggedcom_rm1224_lte\(4g\)_nam_firmware, scalance_m804pb, scalance_m804pb_firmware, scalance_m812-1_\(annex_a\), scalance_m812-1_\(annex_a\)_firmware, scalance_m812-1_\(annex_b\), scalance_m812-1_\(annex_b\)_firmware, scalance_m816-1_\(annex_a\), scalance_m816-1_\(annex_a\)_firmware, scalance_m816-1_\(annex_b\), scalance_m816-1_\(annex_b\)_firmware, scalance_m826-2, scalance_m826-2_firmware, scalance_m874-2, scalance_m874-2_firmware, scalance_m874-3, scalance_m874-3_\(cn\), scalance_m874-3_\(cn\)_firmware, scalance_m874-3_firmware, scalance_m876-3, scalance_m876-3_\(rok\), scalance_m876-3_\(rok\)_firmware, scalance_m876-3_firmware, scalance_m876-4, scalance_m876-4_\(eu\), scalance_m876-4_\(eu\)_firmware, scalance_m876-4_\(nam\), scalance_m876-4_\(nam\)_firmware, scalance_m876-4_firmware, scalance_mum853-1_\(a1\), scalance_mum853-1_\(a1\)_firmware, scalance_mum853-1_\(b1\), scalance_mum853-1_\(b1\)_firmware, scalance_mum853-1_\(eu\), scalance_mum853-1_\(eu\)_firmware, scalance_mum856-1_\(a1\), scalance_mum856-1_\(a1\)_firmware, scalance_mum856-1_\(b1\), scalance_mum856-1_\(b1\)_firmware, scalance_mum856-1_\(cn\), scalance_mum856-1_\(cn\)_firmware, scalance_mum856-1_\(eu\), scalance_mum856-1_\(eu\)_firmware, scalance_mum856-1_\(row\), scalance_mum856-1_\(row\)_firmware, scalance_s615, scalance_s615_eec, scalance_s615_eec_firmware, scalance_s615_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-50560? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-50560 — free, no signup required.

Start Free Scan