ID

VAR-202408-0003


CVE

CVE-2024-41976


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-006387

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly validate input in specific VPN configuration fields. This could allow an authenticated remote attacker to execute arbitrary code on the device. 
Multiple Siemens products, such as RUGGEDCOM RM1224 LTE(4G) EU firmware, RUGGEDCOM RM1224 LTE(4G) NAM firmware and SCALANCE M804PB firmware, have unspecified vulnerabilities. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SCALANCE M-800, MUM-800, S615 and RUGGEDCOM RM1224 are all industrial routers.

Trust: 2.16

sources: NVD: CVE-2024-41976 // JVNDB: JVNDB-2024-006387 // CNVD: CNVD-2024-35438

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35438

AFFECTED PRODUCTS

vendor: siemens model: scalance mum856-1 \ scope: lt version: 8.1

Trust: 5.0

vendor: シーメンス model: scalance mum856-1 scope: - version: -

Trust: 4.0

vendor: siemens model: scalance mum853-1 \ scope: lt version: 8.1

Trust: 3.0

vendor: シーメンス model: scalance m876-4 scope: - version: -

Trust: 2.4

vendor: シーメンス model: scalance mum853-1 scope: - version: -

Trust: 2.4

vendor: siemens model: scalance m816-1 \ scope: lt version: 8.1

Trust: 2.0

vendor: siemens model: scalance m876-4 \ scope: lt version: 8.1

Trust: 2.0

vendor: siemens model: scalance m812-1 \ scope: lt version: 8.1

Trust: 2.0

vendor: シーメンス model: scalance m876-3 scope: - version: -

Trust: 1.6

vendor: siemens model: scalance s615 eec lan-router scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m874-3 scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m876-3 scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance s615 lan-router scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m874-2 scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m826-2 shdsl-router scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m874-3 3g-router \ scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m876-3 \ scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m804pb scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: ruggedcom rm1224 lte\ eu scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: scalance m876-4 scope: lt version: 8.1

Trust: 1.0

vendor: siemens model: ruggedcom rm1224 lte\ nam scope: lt version: 8.1

Trust: 1.0

vendor: シーメンス model: scalance m804pb scope: - version: -

Trust: 0.8

vendor: シーメンス model: scalance m874-3 scope: - version: -

Trust: 0.8

vendor: シーメンス model: scalance m874-3 3g-router scope: - version: -

Trust: 0.8

vendor: シーメンス model: scalance m874-2 scope: - version: -

Trust: 0.8

vendor: シーメンス model: ruggedcom rm1224 lte eu scope: - version: -

Trust: 0.8

vendor: シーメンス model: scalance m826-2 shdsl-router scope: - version: -

Trust: 0.8

vendor: シーメンス model: ruggedcom rm1224 lte nam scope: - version: -

Trust: 0.8

vendor: siemens model: scalance m-800 family scope: lt version: 8.1

Trust: 0.6

sources: CNVD: CNVD-2024-35438 // JVNDB: JVNDB-2024-006387 // NVD: CVE-2024-41976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41976
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2024-41976
value: HIGH

Trust: 1.0

NVD: CVE-2024-41976
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-35438
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-35438
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-41976
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-41976
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-41976
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35438 // JVNDB: JVNDB-2024-006387 // NVD: CVE-2024-41976 // NVD: CVE-2024-41976

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-20

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-006387 // NVD: CVE-2024-41976

PATCH

title: Patch for Siemens SCALANCE M-800 Series Input Validation Error Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/576911

Trust: 0.6

sources: CNVD: CNVD-2024-35438

EXTERNAL IDS

db: NVD id: CVE-2024-41976

Trust: 3.2

db: SIEMENS id: SSA-087301

Trust: 2.4

db: JVN id: JVNVU99084687

Trust: 0.8

db: ICS CERT id: ICSA-24-228-01

Trust: 0.8

db: JVNDB id: JVNDB-2024-006387

Trust: 0.8

db: CNVD id: CNVD-2024-35438

Trust: 0.6

sources: CNVD: CNVD-2024-35438 // JVNDB: JVNDB-2024-006387 // NVD: CVE-2024-41976

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-087301.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99084687/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-41976

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-01

Trust: 0.8

sources: CNVD: CNVD-2024-35438 // JVNDB: JVNDB-2024-006387 // NVD: CVE-2024-41976

SOURCES

db: CNVD id: CNVD-2024-35438
db: JVNDB id: JVNDB-2024-006387
db: NVD id: CVE-2024-41976

LAST UPDATE DATE

2024-08-27T21:42:11.648000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-35438 date: 2024-08-14T00:00:00
db: JVNDB id: JVNDB-2024-006387 date: 2024-08-26T01:20:00
db: NVD id: CVE-2024-41976 date: 2024-08-23T18:40:16.173

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-35438 date: 2024-08-14T00:00:00
db: JVNDB id: JVNDB-2024-006387 date: 2024-08-26T00:00:00
db: NVD id: CVE-2024-41976 date: 2024-08-13T08:15:15.403