CVE-2025-23384

EPSS 0.06%
Veröffentlicht 11.03.2025 09:48:08
Zuletzt bearbeitet 11.03.2025 10:15:16
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.2.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2.1), SCALANCE MUB852-1 (A1) (6GK5852-1EA10-1AA1) (All versions < V8.2.1), SCALANCE MUB852-1 (B1) (6GK5852-1EA10-1BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2.1), SCALANCE SC-600 family (All versions). Affected devices improperly validate usernames during OpenVPN authentication. This could allow an attacker to get partial invalid usernames accepted by the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSiemens

≫

Produkt RUGGEDCOM RM1224 LTE(4G) EU

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt RUGGEDCOM RM1224 LTE(4G) NAM

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M804PB

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M812-1 ADSL-Router family

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M816-1 ADSL-Router family

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M826-2 SHDSL-Router

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M874-2

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M874-3

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M874-3 3G-Router (CN)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M876-3

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M876-3 (ROK)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M876-4

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M876-4 (EU)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE M876-4 (NAM)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUB852-1 (A1)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUB852-1 (B1)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM853-1 (A1)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM853-1 (B1)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM853-1 (EU)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM856-1 (A1)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM856-1 (B1)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM856-1 (CN)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM856-1 (EU)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE MUM856-1 (RoW)

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE S615 EEC LAN-Router

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE S615 LAN-Router

Default Statusunknown

Version < V8.2.1

Version 0

Status affected

HerstellerSiemens

≫

Produkt SCALANCE SC-600 family

Default Statusunknown

Version < *

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
productcert@siemens.com	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-187 Partial String Comparison

The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses.

https://cert-portal.siemens.com/productcert/html/ssa-280834.html

https://nvd.nist.gov/vuln/detail/CVE-2025-23384

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23384

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23384

EUVD