#VU73781 Use-after-free in Siemens products - CVE-2022-20158
Vulnerability identifier: #VU73781
Vulnerability risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-416
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
RUGGEDCOM RM1224 LTE(4G) EU
Hardware solutions /
Routers & switches, VoIP, GSM, etc
RUGGEDCOM RM1224 LTE(4G) NAM
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M804PB
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M812-1 ADSL-Router (Annex A)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M812-1 ADSL-Router (Annex B)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M816-1 ADSL-Router (Annex A)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M816-1 ADSL-Router (Annex B)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M826-2 SHDSL-Router
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M874-2
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M874-3
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M876-3 (EVDO)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M876-3 (ROK)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M876-4
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M876-4 (EU)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE M876-4 (NAM)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE MUM853-1 (EU)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE MUM856-1 (EU)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE MUM856-1 (RoW)
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE S615 EEC
Hardware solutions /
Routers & switches, VoIP, GSM, etc
SCALANCE S615
Hardware solutions /
Firmware
Vendor: Siemens
Description
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in bdi_put and bdi_unregister of backing-dev.c. A local administrator can gain elevated privileges on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
RUGGEDCOM RM1224 LTE(4G) EU: before 7.2
RUGGEDCOM RM1224 LTE(4G) NAM: before 7.2
SCALANCE M804PB: before 7.2
SCALANCE M812-1 ADSL-Router (Annex A): before 7.2
SCALANCE M812-1 ADSL-Router (Annex B): before 7.2
SCALANCE M816-1 ADSL-Router (Annex A): before 7.2
SCALANCE M816-1 ADSL-Router (Annex B): before 7.2
SCALANCE M826-2 SHDSL-Router: before 7.2
SCALANCE M874-2: before 7.2
SCALANCE M874-3: before 7.2
SCALANCE M876-3 (EVDO): before 7.2
SCALANCE M876-3 (ROK): before 7.2
SCALANCE M876-4: before 7.2
SCALANCE M876-4 (EU): before 7.2
SCALANCE M876-4 (NAM): before 7.2
SCALANCE MUM853-1 (EU): before 7.2
SCALANCE MUM856-1 (EU): before 7.2
SCALANCE MUM856-1 (RoW): before 7.2
SCALANCE S615: before 7.2
SCALANCE S615 EEC: before 7.2
External links
https://cert-portal.siemens.com/productcert/txt/ssa-419740.txt
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
