CVE-2024-50559

Q: How do I fix CVE-2024-50559?

1. Download firmware V8.2 or later from Siemens Industrial Online Support. 2. Backup current device configuration. 3. Upload new firmware via device web interface or management tools. 4. Apply firmware update. 5. Reboot device. 6. Restore configuration if needed. 7. Verify firmware version is V8.2 or higher.

Q: What is the severity of CVE-2024-50559?

CVE-2024-50559 has a CVSS score of 4.3 (MEDIUM). This vulnerability affects multiple Siemens industrial network devices where improper filename validation for certificates allows authenticated remote attackers to append arbitrary values, compromising system integrity. It impacts RUGGEDCOM and SCALANCE routers/modems running firmware versions below V8.2. Attackers must have authenticated access to exploit this weakness.

4.3 MEDIUM

Path Traversal

📋 TL;DR

This vulnerability affects multiple Siemens industrial network devices where improper filename validation for certificates allows authenticated remote attackers to append arbitrary values, compromising system integrity. It impacts RUGGEDCOM and SCALANCE routers/modems running firmware versions below V8.2. Attackers must have authenticated access to exploit this weakness.

💻 Affected Systems

Products:

RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)
SCALANCE M804PB (6GK5804-0AP00-2AA2)
SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2)
SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2)
SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2)
SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2)
SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)
SCALANCE M874-2 (6GK5874-2AA00-2AA2)
SCALANCE M874-3 (6GK5874-3AA00-2AA2)
SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2)
SCALANCE M876-3 (6GK5876-3AA02-2BA2)
SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)
SCALANCE M876-4 (6GK5876-4AA10-2BA2)
SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)
SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)
SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1)
SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1)
SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1)
SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1)
SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1)
SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1)
SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1)
SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1)
SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2)
SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2)

Versions: All versions < V8.2

Operating Systems: Embedded firmware on affected devices

Default Config Vulnerable: ⚠️ Yes

Notes: All listed Siemens industrial networking devices with firmware below V8.2 are vulnerable. Exploitation requires authenticated access to the device management interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Authenticated attacker could manipulate certificate files to establish persistent backdoors, intercept or modify network traffic, or disrupt industrial network operations.

🟠

Likely Case

Privileged insider or compromised account could tamper with certificate configurations to bypass security controls or enable man-in-the-middle attacks.

🟢

If Mitigated

With proper access controls and network segmentation, impact limited to isolated network segments with minimal operational disruption.

🌐 Internet-Facing: MEDIUM - Devices directly exposed to internet are vulnerable if authentication credentials are compromised, but exploit requires authenticated access.

🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit this to compromise network integrity within industrial control systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires authenticated access to device management interface. No public exploit code identified at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V8.2 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Restart Required: Yes

Instructions:

1. Download firmware V8.2 or later from Siemens Industrial Online Support. 2. Backup current device configuration. 3. Upload new firmware via device web interface or management tools. 4. Apply firmware update. 5. Reboot device. 6. Restore configuration if needed. 7. Verify firmware version is V8.2 or higher.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit device management interface access to trusted IP addresses and networks only

Configure firewall rules to restrict access to device management IP/ports
Use VLAN segmentation for management networks

Strengthen Authentication

all

Implement strong authentication policies and multi-factor authentication if supported

Enforce complex passwords
Enable account lockout policies
Regularly rotate credentials

🧯 If You Can't Patch

Implement network segmentation to isolate affected devices from critical systems
Monitor for unauthorized certificate changes and management interface access attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI. If version is below V8.2, device is vulnerable.

Check Version:

Check via web interface: System > Device Information > Firmware Version. CLI command varies by device model.

Verify Fix Applied:

After updating, verify firmware version shows V8.2 or higher in device management interface.

📡 Detection & Monitoring

Log Indicators:

Unauthorized certificate upload/modification events
Multiple failed authentication attempts followed by successful login
Unusual management interface access from unexpected IP addresses

Network Indicators:

Unexpected certificate changes in network traffic inspection
Anomalous management protocol traffic patterns

SIEM Query:

source="industrial_router_logs" AND (event_type="certificate_modification" OR event_type="config_change") AND user!="authorized_admin"

📊 Metadata

CVE ID: CVE-2024-50559

CVSS v3 Score: 4.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: CWE-22

Published: November 12, 2024

Last Updated: November 13, 2024

🔗 References

https://cert-portal.siemens.com/productcert/html/ssa-354112.html Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ruggedcom Rm1224 Lte\(4g\) Eu Firmware by Siemens

Ruggedcom Rm1224 Lte\(4g\) Nam Firmware by Siemens

Scalance M804pb Firmware by Siemens

Scalance M812 1 \(annex A\) Firmware by Siemens

Scalance M812 1 \(annex B\) Firmware by Siemens

Scalance M816 1 \(annex A\) Firmware by Siemens

Scalance M816 1 \(annex B\) Firmware by Siemens

Scalance M826 2 Firmware by Siemens

Scalance M874 2 Firmware by Siemens

Scalance M874 3 \(cn\) Firmware by Siemens

Scalance M874 3 Firmware by Siemens

Scalance M876 3 \(rok\) Firmware by Siemens

Scalance M876 3 Firmware by Siemens

Scalance M876 4 \(eu\) Firmware by Siemens

Scalance M876 4 \(nam\) Firmware by Siemens

Scalance M876 4 Firmware by Siemens

Scalance Mum853 1 \(a1\) Firmware by Siemens

Scalance Mum853 1 \(b1\) Firmware by Siemens

Scalance Mum853 1 \(eu\) Firmware by Siemens

Scalance Mum856 1 \(a1\) Firmware by Siemens

Scalance Mum856 1 \(b1\) Firmware by Siemens

Scalance Mum856 1 \(cn\) Firmware by Siemens

Scalance Mum856 1 \(eu\) Firmware by Siemens

Scalance Mum856 1 \(row\) Firmware by Siemens

Scalance S615 Eec Firmware by Siemens

Scalance S615 Firmware by Siemens