CVE-2022-34821

Summary

CVE	CVE-2022-34821
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-12 10:15:00 UTC
Updated	2023-10-10 11:15:00 UTC
Description	A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.

Risk And Classification

Problem Types: CWE-94

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	Simatic Cp 1242-7 V2	-	All	All	All
Operating System	Siemens	Simatic Cp 1242-7 V2 Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1243-1	-	All	All	All
Operating System	Siemens	Simatic Cp 1243-1 Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1243-7 Lte Eu	-	All	All	All
Operating System	Siemens	Simatic Cp 1243-7 Lte Eu Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1243-7 Lte Us	-	All	All	All
Operating System	Siemens	Simatic Cp 1243-7 Lte Us Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1243-8 Irc	-	All	All	All
Operating System	Siemens	Simatic Cp 1243-8 Irc Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1542sp-1 Irc	-	All	All	All
Operating System	Siemens	Simatic Cp 1542sp-1 Irc Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1543-1	-	All	All	All
Operating System	Siemens	Simatic Cp 1543-1 Firmware	All	All	All	All
Hardware	Siemens	Simatic Cp 1543sp-1	-	All	All	All
Operating System	Siemens	Simatic Cp 1543sp-1 Firmware	All	All	All	All
Hardware	Siemens	Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail	-	All	All	All
Operating System	Siemens	Siplus Et 200sp Cp 1542sp-1 Irc Tx Rail Firmware	All	All	All	All
Hardware	Siemens	Siplus Et 200sp Cp 1543sp-1 Isec	-	All	All	All
Operating System	Siemens	Siplus Et 200sp Cp 1543sp-1 Isec Firmware	All	All	All	All
Hardware	Siemens	Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail	-	All	All	All
Operating System	Siemens	Siplus Et 200sp Cp 1543sp-1 Isec Tx Rail Firmware	All	All	All	All
Hardware	Siemens	Siplus Net Cp 1242-7 V2	-	All	All	All
Operating System	Siemens	Siplus Net Cp 1242-7 V2 Firmware	All	All	All	All
Hardware	Siemens	Siplus Net Cp 1543-1	-	All	All	All
Operating System	Siemens	Siplus Net Cp 1543-1 Firmware	All	All	All	All
Hardware	Siemens	Siplus S7-1200 Cp 1243-1	-	All	All	All
Operating System	Siemens	Siplus S7-1200 Cp 1243-1 Firmware	All	All	All	All
Hardware	Siemens	Siplus S7-1200 Cp 1243-1 Rail	-	All	All	All
Operating System	Siemens	Siplus S7-1200 Cp 1243-1 Rail Firmware	All	All	All	All

References

Reference	Source	Link	Tags
N/A	CONFIRM	cert-portal.siemens.com
cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf	CONFIRM	cert-portal.siemens.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591081 Siemens SIMATIC CP Devices Multiple Vulnerabilities (SSA-517377) (ICSA-22-195-12)