Siemens Scalance S615 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Siemens Scalance S615 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2017-14491 — CVSS 9.8 (critical): Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code…
CVE-2022-36323 — CVSS 9.1 (critical): Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges…
CVE-2021-25667 — CVSS 8.8 (high): A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and <…
CVE-2022-31766 — CVSS 8.6 (high): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G)…
CVE-2020-28400 — CVSS 7.5 (high): Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The…
CVE-2018-5391 — CVSS 7.5 (high): The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP…
CVE-2022-36324 — CVSS 7.5 (high): Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to…
CVE-2021-25676 — CVSS 7.5 (high): A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE S615 (V6.3), SCALANCE SC-600 (All Versions…
CVE-2019-13946 — CVSS 7.5 (high): Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic…
CVE-2024-50572 — CVSS 7.2 (high): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM…
CVE-2024-50557 — CVSS 7.2 (high): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM…
CVE-2022-36325 — CVSS 6.8 (medium): Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated…
CVE-2017-2681 — CVSS 6.5 (medium): Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service…
CVE-2017-2680 — CVSS 6.5 (medium): Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment…
CVE-2022-46140 — CVSS 6.5 (medium): Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the…
CVE-2021-3449 — CVSS 5.9 (medium): An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation…
CVE-2022-46142 — CVSS 5.7 (medium): Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the…
CVE-2024-50559 — CVSS 4.3 (medium): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM…
CVE-2024-50561 — CVSS 4.3 (medium): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM…
CVE-2024-50558 — CVSS 4.3 (medium): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM…
CVE-2016-7090 — CVSS 4.0 (medium): The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session…
CVE-2021-22924 — CVSS 3.7 (low): libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to…
CVE-2024-50560 — CVSS 3.1 (low): A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM…
CVE-2022-46143 — CVSS 2.7 (low): Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer…