OpenVPN Authentication Flaw in Siemens RUGGEDCOM and SCALANCE Products
CVE-2025-23384
6.3MEDIUM
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 11 March 2025
What is CVE-2025-23384?
A vulnerability has been identified in multiple Siemens RUGGEDCOM and SCALANCE devices that fail to properly validate usernames during OpenVPN authentication. This weakness allows attackers to exploit the server's handling of partial invalid usernames, potentially leading to unauthorized access or other malicious activities. Users are advised to take immediate action by upgrading to version V8.2.1 or later to mitigate this risk effectively.
Affected Version(s)
RUGGEDCOM RM1224 LTE(4G) EU 0
RUGGEDCOM RM1224 LTE(4G) NAM 0
SCALANCE M804PB 0