SCALANCE M874-3 VPN Router Vulnerability
CVE-2024-41976

8.8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Rm1224 Lte(4g) Eu; Ruggedcom Rm1224 Lte(4g) Nam; Scalance M804pb; Scalance M812-1 Adsl-router Family
Vendor: CVE Published:; 13 August 2024

Summary

A notable security vulnerability affects several RUGGEDCOM and SCALANCE devices due to improper validation of input in specific VPN configuration fields. This security flaw allows an authenticated remote attacker to potentially execute arbitrary code on the affected devices, posing serious risk to network integrity and device functionality. Users of the RUGGEDCOM RM1224 LTE and SCALANCE product lines, particularly those operating on firmware version earlier than V8.1, should take immediate action to secure their systems against potential exploitation. Remedial updates and best practices for network security are recommended to mitigate any associated threats.

Affected Version(s)

RUGGEDCOM RM1224 LTE(4G) EU 0

RUGGEDCOM RM1224 LTE(4G) NAM 0

SCALANCE M804PB 0

References

https://cert-portal.siemens.com/productcert/html/ssa-0873...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jul 25, 2024