Lucene search

SiemensCVE-2024-41977

HistoryAug 13, 2024 - 8:15 a.m.

CVE-2024-41977

2024-08-1308:15:15

CWE-488

siemens

web.nvd.nist.gov

vulnerability

ruggedcom

scalance

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS4

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

18.9%

JSON

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices.

Affected configurations

Nvd

Node

siemensruggedcom_rm1224_lte\(4g\)_eu_firmwareRange<8.1

AND

siemensruggedcom_rm1224_lte\(4g\)_euMatch-

Node

siemensruggedcom_rm1224_lte\(4g\)_nam_firmwareRange<8.1

AND

siemensruggedcom_rm1224_lte\(4g\)_namMatch-

Node

siemensscalance_m804pb_firmwareRange<8.1

AND

siemensscalance_m804pbMatch-

Node

siemensscalance_m826-2_shdsl-router_firmwareRange<8.1

AND

siemensscalance_m826-2_shdsl-routerMatch-

Node

siemensscalance_m874-2_firmwareRange<8.1

AND

siemensscalance_m874-2Match-

Node

siemensscalance_m874-3_firmwareRange<8.1

AND

siemensscalance_m874-3Match-

Node

siemensscalance_m876-3_firmwareRange<8.1

AND

siemensscalance_m876-3Match-

Node

siemensscalance_m876-4_firmwareRange<8.1

AND

siemensscalance_m876-4Match-

Node

siemensscalance_m874-3_3g-router_\(cn\)_firmwareRange<8.1

AND

siemensscalance_m874-3_3g-router_\(cn\)Match-

Node

siemensscalance_m876-3_\(rok\)_firmwareRange<8.1

AND

siemensscalance_m876-3_\(rok\)Match-

Node

siemensscalance_m876-4_\(eu\)_firmwareRange<8.1

AND

siemensscalance_m876-4_\(eu\)Match-

Node

siemensscalance_m876-4_\(nam\)_firmwareRange<8.1

AND

siemensscalance_m876-4_\(nam\)Match-

Node

siemensscalance_mum853-1_\(a1\)_firmwareRange<8.1

AND

siemensscalance_mum853-1_\(a1\)Match-

Node

siemensscalance_mum853-1_\(b1\)_firmwareRange<8.1

AND

siemensscalance_mum853-1_\(b1\)Match-

Node

siemensscalance_mum853-1_\(eu\)_firmwareRange<8.1

AND

siemensscalance_mum853-1_\(eu\)Match-

Node

siemensscalance_mum856-1_\(a1\)_firmwareRange<8.1

AND

siemensscalance_mum856-1_\(a1\)Match-

Node

siemensscalance_mum856-1_\(b1\)_firmwareRange<8.1

AND

siemensscalance_mum856-1_\(b1\)Match-

Node

siemensscalance_mum856-1_\(cn\)_firmwareRange<8.1

AND

siemensscalance_mum856-1_\(cn\)Match-

Node

siemensscalance_mum856-1_\(eu\)_firmwareRange<8.1

AND

siemensscalance_mum856-1_\(eu\)Match-

Node

siemensscalance_mum856-1_\(row\)_firmwareRange<8.1

AND

siemensscalance_mum856-1_\(row\)Match-

Node

siemensscalance_s615_eec_lan-router_firmwareRange<8.1

AND

siemensscalance_s615_eec_lan-routerMatch-

Node

siemensscalance_s615_lan-router_firmwareRange<8.1

AND

siemensscalance_s615_lan-routerMatch-

Node

siemensscalance_m812-1_\(annex_a\)_firmwareRange<8.1

AND

siemensscalance_m812-1_\(annex_a\)Match-

Node

siemensscalance_m812-1_\(annex_b\)_firmwareRange<8.1

AND

siemensscalance_m812-1_\(annex_b\)Match-

Node

siemensscalance_m816-1_\(annex_a\)_firmwareRange<8.1

AND

siemensscalance_m816-1_\(annex_a\)Match-

Node

siemensscalance_m816-1_\(annex_b\)_firmwareRange<8.1

AND

siemensscalance_m816-1_\(annex_b\)Match-

VendorProductVersionCPE
siemensruggedcom_rm1224_lte\(4g\)_eu_firmware*cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_rm1224_lte\(4g\)_eu-cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:*
siemensruggedcom_rm1224_lte\(4g\)_nam_firmware*cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:*
siemensruggedcom_rm1224_lte\(4g\)_nam-cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:*
siemensscalance_m804pb_firmware*cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
siemensscalance_m804pb-cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*
siemensscalance_m826-2_shdsl-router_firmware*cpe:2.3:o:siemens:scalance_m826-2_shdsl-router_firmware:*:*:*:*:*:*:*:*
siemensscalance_m826-2_shdsl-router-cpe:2.3:h:siemens:scalance_m826-2_shdsl-router:-:*:*:*:*:*:*:*
siemensscalance_m874-2_firmware*cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
siemensscalance_m874-2-cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware	*	cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware::::::::
siemens	ruggedcom_rm1224_lte\(4g\)_eu	-	cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:::::::*
siemens	ruggedcom_rm1224_lte\(4g\)_nam_firmware	*	cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware::::::::
siemens	ruggedcom_rm1224_lte\(4g\)_nam	-	cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:::::::*
siemens	scalance_m804pb_firmware	*	cpe:2.3:o:siemens:scalance_m804pb_firmware::::::::
siemens	scalance_m804pb	-	cpe:2.3:h:siemens:scalance_m804pb:-:::::::*
siemens	scalance_m826-2_shdsl-router_firmware	*	cpe:2.3:o:siemens:scalance_m826-2_shdsl-router_firmware::::::::
siemens	scalance_m826-2_shdsl-router	-	cpe:2.3:h:siemens:scalance_m826-2_shdsl-router:-:::::::*
siemens	scalance_m874-2_firmware	*	cpe:2.3:o:siemens:scalance_m874-2_firmware::::::::
siemens	scalance_m874-2	-	cpe:2.3:h:siemens:scalance_m874-2:-:::::::*

Rows per page:

1-10 of 521

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM RM1224 LTE(4G) EU",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "RUGGEDCOM RM1224 LTE(4G) NAM",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M804PB",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M812-1 ADSL-Router family",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M816-1 ADSL-Router family",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M826-2 SHDSL-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M874-3 3G-Router (CN)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-3",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-3 (ROK)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE M876-4 (NAM)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (A1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (B1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM853-1 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (A1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (B1)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (CN)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (EU)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE MUM856-1 (RoW)",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE S615 EEC LAN-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SCALANCE S615 LAN-Router",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V8.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-087301.html

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS4

7.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

ACTIVE

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

18.9%

JSON

Related for CVE-2024-41977