151 matches found
Siemens SCALANCE and RUGGEDCOM Incorrect Authorization (CVE-2025-40567)
The Load Rollback functionality in the web interface of affected products contains an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with guest role to make the affected product roll back configuration changes made by privileged users. This plugin...
CVE-2025-40569
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V3.2, SCALANCE XCH328 6GK5328-4TS01-2EC2 All versions V3.2, SCALANCE XCM324 6GK5324-8TS01-2AC2 All versions V3.2, SCALANCE XCM328 6GK5328-4TS01-2AC2 All versions V3.2, SCALANCE XCM332 6GK5332-0GA01-2AC2 All...
CVE-2023-49692
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...
CVE-2022-31766
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions = V1.1.0 V3.0.0,...
CVE-2022-26649
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46817)
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46819)
drm/amdgpu: the warning dereferencing obj for nbio_v7_4. If ras_manager obj null, don't print NBIO err data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56610)
kcsan: Turn report_filterlist_lock into a raw_spinlock. With a KCSAN-enabled PREEMPT_RT kernel, we can see splats like sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46737)
nvmet-tcp: kernel crash if commands allocation fails. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-50198)
iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to access the right data. The...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56642)
tipc: vulnerability in TIPC (Transparent Inter-Process Communication) involves a use-after-free issue with the UDP kernel socket in cleanup_bearer, caused by premature reference count decrements, which is resolved by moving the decrement after releasing the socket. This plugin only works with...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46780)
nilfs2: vulnerability caused by the need for mutual exclusion using nilfs->ns_sem when accessing superblock buffers in sysfs attribute show methods to prevent issues with pointer dereferencing and memory access. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56747)
scsi: qedi: vulnerability involves a potential memory leak in qedi_alloc_and_init_sb where the DMA memory sb_virt is not released upon failure, which is fixed by adding dma_free_coherent to free the memory, similar to other functions like qedr_alloc_mem_sb and qede_alloc_mem_sb. This plugin only works with...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-45003)
vfs: Some filesystems (e.g. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function; if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen. This plugin only works with Tenable.ot. Please visit...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50201)
linux: drm/radeon: encoder->possible_clones. In the past nothing validated that drivers were populating possible_clones correctly, which resulted in some warnings during driver initialization. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-46702)
thunderbolt: Mark XDomain as unplugged when router is removed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-50269)
usb: musb: sunxi: accessing a released usb phy will cause that usb phy @glue->xceiv is accessed after released. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2023-3390)
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local...
Siemens SIMATIC and SCALANCE Devices Out-of-bounds Write (CVE-2022-1015)
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-0584)
A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak. This plugin only works with...