SSA-354112: Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2 Key Information from the Webpage: 1. Publication Date: - 2024-11-12 2. Last Update: - 2024-11-12 3. Current Version: - V1.0 4. CVSS v3.1 Base Score: - 7.5 5. CVSS v4.0 Base Score: - 8.6 6. Summary: - SCALANCE M-800 family before V8.2 is affected by multiple vulnerabilities. - Siemens has released new versions for the affected products and recommends updating to the latest versions. 7. Affected Products and Solution: - Affected Product and Versions: - SCALANCE M-800 family (incl. S615, MUM-800, and RM1224) - Remediation: - Update to V8.2 or later version - https://support.industry.siemens.com/cs/www/en/view/109976047/ 8. Workarounds and Mitigations: - Product-specific remediations or mitigations can be found in the section "Affected Products and Solution." - Please follow the General Security Recommendations. 9. General Security Recommendations: - Siemens recommends to protect network access to devices with appropriate mechanisms. - To operate the devices in a protected IT environment, configure the environment according to Siemens' operational guidelines for Industrial Security. - Additional information on Industrial Security by Siemens can be found at https://www.siemens.com/industrialsecurity. 10. Product Description: - This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. - Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities. 11. Vulnerability Description: - Un-Collapse All 12. Additional Information: - For further inquiries on security vulnerabilities in Siemens products and solutions, please contact Siemens ProductCERT: https://www.siemens.com/cert/advisories 13. History Data: - V1.0 (2024-11-12): Publication Date 14. Terms of Use: - The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use --- This summary provides a concise overview of the key information from the webpage, focusing on the vulnerabilities, affected products, and recommended solutions.