SCALANCE M875
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-46143 | 0.00 | — | 0.00 | Dec 13, 2022 | Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data. | |||
| CVE-2022-31766 | 0.00 | — | 0.01 | Oct 11, 2022 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router… | |||
| CVE-2022-34821 | 0.00 | — | 0.01 | Jul 12, 2022 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2),… | |||
| CVE-2020-28400 | 0.00 | — | 0.01 | Jul 13, 2021 | Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. | |||
| CVE-2019-13946 | 0.00 | — | 0.01 | Feb 11, 2020 | Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that… | |||
| CVE-2018-4861 | 0.00 | — | 0.00 | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker… | |||
| CVE-2018-4860 | 0.00 | — | 0.01 | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web… | |||
| CVE-2018-4859 | 0.00 | — | 0.01 | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web… | |||
| CVE-2018-11448 | 0.00 | — | 0.00 | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker… | |||
| CVE-2018-11447 | 0.00 | — | 0.00 | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by… | |||
| CVE-2018-11449 | 0.00 | — | 0.00 | Jun 26, 2018 | A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow… |
- CVE-2022-46143Dec 13, 2022risk 0.00cvss —epss 0.00
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.
- CVE-2022-31766Oct 11, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router…
- CVE-2022-34821Jul 12, 2022risk 0.00cvss —epss 0.01
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2),…
- CVE-2020-28400Jul 13, 2021risk 0.00cvss —epss 0.01
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial of service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.
- CVE-2019-13946Feb 11, 2020risk 0.00cvss —epss 0.01
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that…
- CVE-2018-4861Jun 26, 2018risk 0.00cvss —epss 0.00
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker…
- CVE-2018-4860Jun 26, 2018risk 0.00cvss —epss 0.01
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web…
- CVE-2018-4859Jun 26, 2018risk 0.00cvss —epss 0.01
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web…
- CVE-2018-11448Jun 26, 2018risk 0.00cvss —epss 0.00
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker…
- CVE-2018-11447Jun 26, 2018risk 0.00cvss —epss 0.00
A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by…
- CVE-2018-11449Jun 26, 2018risk 0.00cvss —epss 0.00
A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow…
Page 2 of 2