7.5
CVE-2025-24499
- EPSS 0.23%
- Veröffentlicht 11.02.2025 11:15:16
- Zuletzt bearbeitet 11.02.2025 11:15:16
- Quelle productcert@siemens.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly validate input while loading the configuration files. This could allow an authenticated remote attacker to execute arbitrary shell commands on the device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSiemens
≫
Produkt
SCALANCE WAB762-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM763-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM763-1 (ME)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM763-1 (US)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM766-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM766-1 (ME)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM766-1 (US)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM766-1 EEC
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM766-1 EEC (ME)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WAM766-1 EEC (US)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUB762-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUB762-1 iFeatures
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM763-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM763-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM763-1 (US)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM763-1 (US)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM766-1
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM766-1 (ME)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
HerstellerSiemens
≫
Produkt
SCALANCE WUM766-1 (USA)
Default Statusunknown
Version <
V3.0.0
Version
0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.461 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| productcert@siemens.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| productcert@siemens.com | 7.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.