Multiple Third-Party Component Vulnerabilities in RUGGEDCOM and SCALANCE Products before V7.2
Act Now · 9.8 · SSA-419740 · Mar 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple third-party component vulnerabilities exist in RUGGEDCOM and SCALANCE industrial routers and cellular gateways. Affected components include Busybox, Linux Kernel, OpenSSL, OpenVPN, and others. The vulnerabilities include improper neutralization of special elements, command injection vectors, denial of service conditions, and authentication bypass issues. These vulnerabilities allow code injection and denial of service attacks through various input handling and command processing flaws.
What this means
What could happen
An attacker on the network could exploit these vulnerabilities to run arbitrary commands on the router, disrupt communications between remote facilities and the control center, or access sensitive configuration data. This could cause loss of connectivity to field sites, interruption of SCADA communications, or compromise of credentials used for remote operations.
Who's at risk
Water authorities and utilities using RUGGEDCOM cellular gateways (RM1224) for remote site connectivity or SCALANCE industrial routers (M8xx, MUM8xx, S615 series) for WAN/cellular backhaul to SCADA systems or remote terminal units (RTUs). These devices are critical for maintaining connectivity between control centers and distributed field equipment.
How it could be exploited
An attacker with network access to the router (which manages ICS connectivity) could send specially crafted network requests or configuration commands that exploit command injection, buffer overflow, or authentication bypass flaws in Busybox, the Linux kernel, or OpenSSL. The attacker could then execute arbitrary commands with router privileges, allowing them to modify routing behavior, intercept traffic, or disconnect remote field equipment from the control network.
Prerequisites
- Network access to the affected router (typically on the industrial network or DMZ)
- No authentication required for some exploitation vectors based on CVSS vector AV:N/PR:N
- The router must be running a firmware version prior to V7.2
Risk factors
- Remotely exploitable
- No authentication required
- Low complexity
- Actively exploited (KEV)
- EPSS score 88.3% (very high exploit probability)
- Affects critical network infrastructure
- Multiple vulnerability classes including code injection and denial of service
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (20)
20 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| RUGGEDCOM RM1224 LTE(4G) EU | < V7.2 | 7.2 |
| RUGGEDCOM RM1224 LTE(4G) NAM | < V7.2 | 7.2 |
| SCALANCE M804PB | < V7.2 | 7.2 |
| SCALANCE M812-1 ADSL-Router (Annex A) | < V7.2 | 7.2 |
| SCALANCE M812-1 ADSL-Router (Annex B) | < V7.2 | 7.2 |
Remediation & Mitigation
Do now
RUGGEDCOM RM1224 LTE(4G) EU
HOTFIX: Update RUGGEDCOM RM1224 LTE(4G) EU and NAM, and all SCALANCE products to firmware version 7.2 or later
All products
HARDENING: During patching, segregate affected routers from operational networks if possible, or schedule updates during low-traffic windows to avoid communication loss to remote sites
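To find which devices still need the V7.2 update, an asset inventory can be triaged against the fix threshold. The script below is an added example, not part of the advisory or any vendor tooling; the model pattern, CSV column names, and sample rows are assumptions, and the pattern should be checked against the full product list in SSA-419740.

```python
import csv
import io
import re

FIXED = (7, 2)  # fixed firmware version stated in the advisory

# Families named on this page; the pattern itself is an assumption and
# should be checked against the full product list in SSA-419740.
AFFECTED = re.compile(r"RUGGEDCOM\s+RM1224|SCALANCE\s+(?:M8\d\d|MUM8\d\d|S615)", re.I)

def parse_version(text):
    """Turn 'V7.1.2', '7.2' or 'V07.02.00' into a tuple of ints, or None."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(model, firmware):
    """Return 'not-affected', 'patched', 'vulnerable' or 'review'."""
    if not AFFECTED.search(model):
        return "not-affected"  # not matched by this advisory's families
    version = parse_version(firmware)
    if version is None:
        return "review"  # unreadable version: check the device by hand
    # Pad with zeros so that 7.2 and 7.2.0 compare equal.
    width = max(len(version), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))
    return "patched" if pad(version) >= pad(FIXED) else "vulnerable"

# Constructed sample inventory (hostnames, versions and the last model are made up).
SAMPLE = """host,model,firmware
pump-stn-01,RUGGEDCOM RM1224 LTE(4G) EU,V7.1.2
pump-stn-02,SCALANCE M804PB,V7.2
reservoir-03,SCALANCE M812-1 ADSL-Router (Annex A),V06.05.00
plant-gw-04,SCALANCE S615,unknown
office-sw-05,Example Switch 100,V5.2.6
"""

def triage_inventory(csv_text):
    """Map each host in a host,model,firmware CSV to its triage status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:14} {status}")
```

Devices reported as `review` have a firmware string the parser could not read and should be checked on the device itself.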
CVEs (65)
CVE-2018-25032, CVE-2019-1125, CVE-2021-4034, CVE-2021-4149, CVE-2021-26401, CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386, CVE-2022-0001, CVE-2022-0002, CVE-2022-0494, CVE-2022-0547, CVE-2022-1011, CVE-2022-1016, CVE-2022-1198, CVE-2022-1199, CVE-2022-1292, CVE-2022-1304, CVE-2022-1343, CVE-2022-1353, CVE-2022-1473, CVE-2022-1516, CVE-2022-1652, CVE-2022-1729, CVE-2022-1734, CVE-2022-1974, CVE-2022-1975, CVE-2022-2380, CVE-2022-2588, CVE-2022-2639, CVE-2022-20158, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042, CVE-2022-23308, CVE-2022-26490, CVE-2022-28356, CVE-2022-28390, CVE-2022-30065, CVE-2022-30594, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32296, CVE-2022-32981, CVE-2022-33981, CVE-2022-35252, CVE-2022-36879, CVE-2022-36946