CVE-2024-41976

7.2 HIGH

📋 TL;DR

This vulnerability affects multiple Siemens industrial routers and allows authenticated remote attackers to execute arbitrary code by exploiting improper input validation in VPN configuration fields. Organizations using affected RUGGEDCOM and SCALANCE router models with versions below V8.1 are at risk.

💻 Affected Systems

Products:
  • RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
  • RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
  • SCALANCE M804PB (6GK5804-0AP00-2AA2)
  • SCALANCE M812-1 ADSL-Router family
  • SCALANCE M816-1 ADSL-Router family
  • SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
  • SCALANCE M874-2 (6GK5874-2AA00-2AA2)
  • SCALANCE M874-3 (6GK5874-3AA00-2AA2)
  • SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
  • SCALANCE M876-3 (6GK5876-3AA02-2BA2)
  • SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
  • SCALANCE M876-4 (6GK5876-4AA10-2BA2)
  • SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
  • SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
  • SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
  • SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
  • SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
  • SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
  • SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
  • SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
  • SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
  • SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
  • SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
  • SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)
Versions: All versions < V8.1
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: VPN configuration must be enabled for exploitation. Affects multiple industrial router families used in critical infrastructure.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing attacker to modify configurations, intercept traffic, pivot to internal networks, or disrupt industrial operations.

🟠 Likely Case

Attacker gains persistent access to router, enabling traffic monitoring, configuration changes, and potential lateral movement to connected industrial systems.

🟢 If Mitigated

Limited impact due to network segmentation, strong authentication controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to VPN configuration interface. No public exploit available at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V8.1 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-087301.html

Restart Required: Yes

Instructions:

1. Download firmware V8.1 or later from the Siemens Industrial Security website.
2. Back up the current configuration.
3. Upload the new firmware via the web interface or CLI.
4. Reboot the device.
5. Verify the firmware version and restore the configuration if needed.

🔧 Temporary Workarounds

Disable VPN functionality

Applies to: all

If VPN is not required, disable VPN services to remove the attack surface

configure terminal
no vpn enable
write memory

Restrict VPN configuration access

Applies to: all

Limit VPN configuration interface access to trusted management networks only

configure terminal
access-list vpn-config permit <trusted_network>
interface vpn
apply access-list vpn-config
write memory

🧯 If You Can't Patch

  • Segment affected routers in isolated network zones with strict firewall rules
  • Implement multi-factor authentication for all administrative access to routers

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or the CLI 'show version' command

Check Version:

show version

Verify Fix Applied:

Verify that the firmware version is V8.1 or higher and test the VPN configuration with malformed input
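The version check above is easy to get wrong at scale when firmware strings have a varying number of components (V7.2.2 versus V8.1). The following Python script is an added example, not Siemens tooling or code from this page: it takes the article numbers and the "< V8.1" rule from the affected-products list, matches the two ADSL-Router families (listed without article numbers) on the model name, and ranks vulnerable devices by whether VPN is enabled, since the note above says VPN configuration must be enabled for exploitation. The inventory records are constructed, and the article number for the M812-1 entry is a placeholder because the page does not give one.

```python
"""Audit an inventory against the affected set for CVE-2024-41976.

Added example, not Siemens tooling. Inventory records below are constructed.
"""
import re

# Article numbers (6GK...) taken from the affected-products list for this CVE.
AFFECTED_ARTICLE_NUMBERS = {
    "6GK6108-4AM00-2BA2": "RUGGEDCOM RM1224 LTE(4G) EU",
    "6GK6108-4AM00-2DA2": "RUGGEDCOM RM1224 LTE(4G) NAM",
    "6GK5804-0AP00-2AA2": "SCALANCE M804PB",
    "6GK5826-2AB00-2AB2": "SCALANCE M826-2 SHDSL-Router",
    "6GK5874-2AA00-2AA2": "SCALANCE M874-2",
    "6GK5874-3AA00-2AA2": "SCALANCE M874-3",
    "6GK5874-3AA00-2FA2": "SCALANCE M874-3 3G-Router (CN)",
    "6GK5876-3AA02-2BA2": "SCALANCE M876-3",
    "6GK5876-3AA02-2EA2": "SCALANCE M876-3 (ROK)",
    "6GK5876-4AA10-2BA2": "SCALANCE M876-4",
    "6GK5876-4AA00-2BA2": "SCALANCE M876-4 (EU)",
    "6GK5876-4AA00-2DA2": "SCALANCE M876-4 (NAM)",
    "6GK5853-2EA10-2AA1": "SCALANCE MUM853-1 (A1)",
    "6GK5853-2EA10-2BA1": "SCALANCE MUM853-1 (B1)",
    "6GK5853-2EA00-2DA1": "SCALANCE MUM853-1 (EU)",
    "6GK5856-2EA10-3AA1": "SCALANCE MUM856-1 (A1)",
    "6GK5856-2EA10-3BA1": "SCALANCE MUM856-1 (B1)",
    "6GK5856-2EA00-3FA1": "SCALANCE MUM856-1 (CN)",
    "6GK5856-2EA00-3DA1": "SCALANCE MUM856-1 (EU)",
    "6GK5856-2EA00-3AA1": "SCALANCE MUM856-1 (RoW)",
    "6GK5615-0AA01-2AA2": "SCALANCE S615 EEC LAN-Router",
    "6GK5615-0AA00-2AA2": "SCALANCE S615 LAN-Router",
}
# Families the advisory lists without an article number; matched on model-name prefix.
AFFECTED_FAMILIES = ("SCALANCE M812-1", "SCALANCE M816-1")
FIXED_VERSION = (8, 1)  # "All versions < V8.1" are affected

# Constructed inventory. The M812-1 article number is a placeholder (not on the page).
SAMPLE_INVENTORY = [
    {"name": "plant-rtr-01", "model": "SCALANCE S615 LAN-Router",
     "article": "6GK5615-0AA00-2AA2", "firmware": "V8.0", "vpn_enabled": True},
    {"name": "plant-rtr-02", "model": "SCALANCE M874-2",
     "article": "6GK5874-2AA00-2AA2", "firmware": "V8.1", "vpn_enabled": True},
    {"name": "site-dsl-01", "model": "SCALANCE M812-1 ADSL-Router",
     "article": "<ARTICLE-NO-PLACEHOLDER>", "firmware": "V7.2.2", "vpn_enabled": False},
    {"name": "edge-fw-01", "model": "other-vendor-firewall",
     "article": "n/a", "firmware": "V8.0", "vpn_enabled": True},
]


def parse_version(text):
    """'V8.0.1' -> (8, 0, 1). Tuples compare component-wise, so (8, 0, 1) < (8, 1)."""
    m = re.fullmatch(r"\s*V?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def in_scope(model, article):
    """True if the device is one of the listed products or families."""
    return article in AFFECTED_ARTICLE_NUMBERS or model.startswith(AFFECTED_FAMILIES)


def classify(device):
    """'not_affected', 'vulnerable' (< V8.1) or 'patched' (>= V8.1)."""
    if not in_scope(device["model"], device.get("article", "")):
        return "not_affected"
    return "vulnerable" if parse_version(device["firmware"]) < FIXED_VERSION else "patched"


def audit(inventory):
    """Return one finding per device; vulnerable devices with VPN enabled rank highest."""
    findings = []
    for dev in inventory:
        status = classify(dev)
        priority = None
        if status == "vulnerable":
            priority = "high" if dev.get("vpn_enabled") else "medium"
        findings.append({"name": dev["name"], "status": status, "priority": priority})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

The version comparison relies on Python tuple ordering: a shorter tuple that matches the prefix of a longer one sorts first, so V8.1.1 is correctly treated as patched and V8.0.9 as vulnerable. Devices with VPN disabled are still reported as vulnerable, since the workaround only narrows exposure until the firmware is updated.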

📡 Detection & Monitoring

Log Indicators:

  • Unusual VPN configuration changes
  • Multiple failed authentication attempts followed by VPN config modifications
  • Unexpected device reboots or service restarts

Network Indicators:

  • Unusual outbound connections from router management interface
  • VPN configuration traffic from unexpected source IPs

SIEM Query:

source="industrial_router" AND (event="vpn_config_change" OR event="firmware_update")
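The log and network indicators above combine naturally into one correlation rule: a burst of failed logins followed, from the same source, by a VPN configuration change, or a VPN configuration change from outside the management network. The following Python script is an added example, not Siemens tooling or code from this page; its syslog line format, hostnames, addresses and the trusted management network 10.0.0.0/24 are constructed assumptions that would need adapting to the real device log format.

```python
"""Correlate router logs into the indicators above.

Added example, not Siemens tooling. The log format is an assumption
("<ts> <host> <facility>: <message> key=value ..."), and the lines are constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real RUGGEDCOM/SCALANCE output).
SAMPLE_LOGS = """\
2024-08-13T10:00:01Z plant-rtr-01 auth: login failed user=admin src=203.0.113.5
2024-08-13T10:00:04Z plant-rtr-01 auth: login failed user=admin src=203.0.113.5
2024-08-13T10:00:07Z plant-rtr-01 auth: login failed user=admin src=203.0.113.5
2024-08-13T10:00:10Z plant-rtr-01 auth: login ok user=admin src=203.0.113.5
2024-08-13T10:01:30Z plant-rtr-01 config: vpn_config_change user=admin src=203.0.113.5 field=remote_endpoint
2024-08-13T11:00:00Z plant-rtr-01 auth: login ok user=operator src=10.0.0.7
2024-08-13T11:02:00Z plant-rtr-01 config: vpn_config_change user=operator src=10.0.0.7 field=psk
2024-08-13T12:00:00Z plant-rtr-01 auth: login failed user=root src=198.51.100.9
"""

# Assumption: the management network from which VPN configuration changes are expected.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<facility>\w+): (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return ts/host/facility/msg plus any key=value fields, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    fields = dict(KV_RE.findall(rest))
    msg = KV_RE.sub("", rest).strip()  # message text with key=value pairs removed
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
        "host": m.group("host"),
        "facility": m.group("facility"),
        "msg": msg,
        **fields,
    }


def detect(log_text, window=timedelta(minutes=10), threshold=3):
    """Scan lines in order; return one alert dict per matched indicator."""
    failures = defaultdict(list)  # (host, src) -> timestamps of failed logins
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or "src" not in ev:
            continue
        key = (ev["host"], ev["src"])
        if ev["msg"] == "login failed":
            failures[key].append(ev["ts"])
        elif ev["msg"] == "vpn_config_change":
            base = {"host": ev["host"], "src": ev["src"], "user": ev.get("user"), "ts": ev["ts"]}
            # Indicator: failed authentication attempts followed by VPN config modification.
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "failed_logins_then_vpn_change",
                               "failed_logins": len(recent), **base})
            # Indicator: VPN configuration traffic from an unexpected source IP.
            src_ip = ipaddress.ip_address(ev["src"])
            if not any(src_ip in net for net in TRUSTED_MGMT_NETS):
                alerts.append({"rule": "vpn_change_from_untrusted_src", **base})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the sample data the operator's change from 10.0.0.7 produces nothing, while the admin change from 203.0.113.5 fires both rules because three failed logins preceded it within the window and the source is outside the management network. The failure counter is keyed per host and source so that routine login failures elsewhere on the estate do not raise the score of an unrelated configuration change.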
