Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentSiemensVULNRICHMENT:CVE-2024-41977
HistoryAug 13, 2024 - 7:54 a.m.

CVE-2024-41977

2024-08-1307:54:37
CWE-488
siemens
github.com
4
vulnerability
siemens
ruggedcom
scalance
privilege escalation
web server

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVSS4

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

18.9%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM RM1224 LTE(4G) EU",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M804PB",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M812-1 ADSL-Router family",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M816-1 ADSL-Router family",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M826-2 SHDSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-3 3G-Router (CN)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-3 (ROK)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4 (NAM)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (A1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (B1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (A1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (B1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (CN)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (RoW)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE S615 EEC LAN-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE S615 LAN-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:6.2:*:*:*:*:*:*:*"
    ],
    "vendor": "siemens",
    "product": "ruggedcom_rcm1224_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "6.2",
        "lessThan": "v8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Related

cvelist 1
nessus 1
nvd 1
cve 1
ics 1
cvelist
cvelist
CVE-2024-41977
2024-08-13 07:54:37
nessus
nessus
Siemens SCALANCE M-800, RUGGEDCOM RM1224 Exposure of Data Element to Wrong Session (CVE-2024-41977)
2024-08-23 00:00:00
nvd
nvd
CVE-2024-41977
2024-08-13 08:15:15
cve
cve
CVE-2024-41977
2024-08-13 08:15:15
ics
ics
Siemens SCALANCE M-800, RUGGEDCOM RM1224
2024-08-15 12:00:00

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CVSS4

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

18.9%

SSVC

Exploitation

none

Automatable

no

Technical Impact

total

JSON
Related for VULNRICHMENT:CVE-2024-41977
cvelist1nessus1nvd1cve1ics1