Siemens SCALANCE M-800/S615系列操作系统命令注入漏洞
SCALANCE M-800、MUM-800和S615以及RUGGEDCOM RM1224都是工业路由器。
一、漏洞分析
公开日期:2023-12-13
漏洞编号:CNVD-2023-97257/CVE-2023-49692
危害等级:高危
漏洞描述:Siemens SCALANCE M-800/S615系列存在操作系统命令注入漏洞,攻击者可利用该漏洞通过恶意的本地管理员在建立新连接后在系统上执行命令。
二、漏洞影响产品
Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) < V7.2.2
Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) < V7.2.2
Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2) < V7.2.2
Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) < V7.2.2
Siemens SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) < V7.2.2
Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) < V7.2.2
Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) < V7.2.2
Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) < V7.2.2
Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2) < V7.2.2
Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2) < V7.2.2
Siemens SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) < V7.2.2
Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) < V7.2.2
Siemens SCALANCE M876-4 (6GK5876-4AA10-2BA2) < V7.2.2
Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) < V7.2.2
Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) < V7.2.2
Siemens SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) < V7.2.2
Siemens SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) < V7.2.2
Siemens SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) < V7.2.2
Siemens SCALANCE S615 (6GK5615-0AA00-2AA2) < V7.2.2
Siemens SCALANCE S615 EEC (6GK5615-0AA01-2AA2) < V7.2.2
三、漏洞处置建议
用户可参考如下供应商提供的安全公告获得补丁信息:
https://cert-portal.siemens.com/productcert/html/ssa-077170.html
