Login Sign Up

CVE-2024-50572

7.2 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability affects multiple Siemens industrial network devices where improper input sanitization allows authenticated remote attackers with administrative privileges to execute code or spawn a root shell. The vulnerability impacts various RUGGEDCOM and SCALANCE router models running outdated firmware versions. Attackers need administrative credentials but can achieve full system compromise.

💻 Affected Systems

Products:
  • RUGGEDCOM RM1224 LTE(4G) EU
  • RUGGEDCOM RM1224 LTE(4G) NAM
  • SCALANCE M804PB
  • SCALANCE M812-1 ADSL-Router
  • SCALANCE M816-1 ADSL-Router
  • SCALANCE M826-2 SHDSL-Router
  • SCALANCE M874-2
  • SCALANCE M874-3
  • SCALANCE M876-3
  • SCALANCE M876-4
  • SCALANCE MUM853-1
  • SCALANCE MUM856-1
  • SCALANCE S615 EEC LAN-Router
  • SCALANCE S615 LAN-Router
  • SCALANCE WAB762-1
  • SCALANCE WAM763-1
  • SCALANCE WAM766-1
  • SCALANCE WUB762-1
  • SCALANCE WUM763-1
  • SCALANCE WUM766-1
Versions: All versions < V8.2 for most devices, < V3.0.0 for W-series devices
Operating Systems: Embedded firmware on affected devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects multiple product variants with different regional configurations. Requires administrative authentication to exploit.

📦 What is this software?

Ruggedcom Rm1224 Lte\(4g\) Eu Firmware by Siemens

View all CVEs affecting Ruggedcom Rm1224 Lte\(4g\) Eu Firmware →

Ruggedcom Rm1224 Lte\(4g\) Nam Firmware by Siemens

View all CVEs affecting Ruggedcom Rm1224 Lte\(4g\) Nam Firmware →

Scalance M804pb Firmware by Siemens

View all CVEs affecting Scalance M804pb Firmware →

Scalance M812 1 \(annex A\) Firmware by Siemens

View all CVEs affecting Scalance M812 1 \(annex A\) Firmware →

Scalance M812 1 \(annex B\) Firmware by Siemens

View all CVEs affecting Scalance M812 1 \(annex B\) Firmware →

Scalance M816 1 \(annex A\) Firmware by Siemens

View all CVEs affecting Scalance M816 1 \(annex A\) Firmware →

Scalance M816 1 \(annex B\) Firmware by Siemens

View all CVEs affecting Scalance M816 1 \(annex B\) Firmware →

Scalance M826 2 Firmware by Siemens

View all CVEs affecting Scalance M826 2 Firmware →

Scalance M874 2 Firmware by Siemens

View all CVEs affecting Scalance M874 2 Firmware →

Scalance M874 3 \(cn\) Firmware by Siemens

View all CVEs affecting Scalance M874 3 \(cn\) Firmware →

Scalance M874 3 Firmware by Siemens

View all CVEs affecting Scalance M874 3 Firmware →

Scalance M876 3 \(rok\) Firmware by Siemens

View all CVEs affecting Scalance M876 3 \(rok\) Firmware →

Scalance M876 3 Firmware by Siemens

View all CVEs affecting Scalance M876 3 Firmware →

Scalance M876 4 \(eu\) Firmware by Siemens

View all CVEs affecting Scalance M876 4 \(eu\) Firmware →

Scalance M876 4 \(nam\) Firmware by Siemens

View all CVEs affecting Scalance M876 4 \(nam\) Firmware →

Scalance M876 4 Firmware by Siemens

View all CVEs affecting Scalance M876 4 Firmware →

Scalance Mum853 1 \(a1\) Firmware by Siemens

View all CVEs affecting Scalance Mum853 1 \(a1\) Firmware →

Scalance Mum853 1 \(b1\) Firmware by Siemens

View all CVEs affecting Scalance Mum853 1 \(b1\) Firmware →

Scalance Mum853 1 \(eu\) Firmware by Siemens

View all CVEs affecting Scalance Mum853 1 \(eu\) Firmware →

Scalance Mum856 1 \(a1\) Firmware by Siemens

View all CVEs affecting Scalance Mum856 1 \(a1\) Firmware →

Scalance Mum856 1 \(b1\) Firmware by Siemens

View all CVEs affecting Scalance Mum856 1 \(b1\) Firmware →

Scalance Mum856 1 \(cn\) Firmware by Siemens

View all CVEs affecting Scalance Mum856 1 \(cn\) Firmware →

Scalance Mum856 1 \(eu\) Firmware by Siemens

View all CVEs affecting Scalance Mum856 1 \(eu\) Firmware →

Scalance Mum856 1 \(row\) Firmware by Siemens

View all CVEs affecting Scalance Mum856 1 \(row\) Firmware →

Scalance S615 Eec Firmware by Siemens

View all CVEs affecting Scalance S615 Eec Firmware →

Scalance S615 Firmware by Siemens

View all CVEs affecting Scalance S615 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover with root shell access, allowing attackers to modify configurations, intercept network traffic, install persistent backdoors, or pivot to other industrial control systems.

🟠

Likely Case

Privileged attackers exploiting this to gain persistent access, modify routing/firewall rules, or disrupt industrial network operations.

🟢

If Mitigated

Limited impact if strong access controls, network segmentation, and administrative credential protection are implemented.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers with stolen/admin credentials can exploit remotely.
🏢 Internal Only: MEDIUM - Requires internal network access and administrative credentials, but still poses significant risk in industrial environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Once administrative credentials are obtained, exploitation is straightforward.

Exploitation requires administrative privileges. No public exploit code identified at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V8.2 for most devices, V3.0.0 for W-series devices

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-354112.html

Restart Required: Yes

Instructions:

1. Download firmware update from Siemens Industrial Security website. 2. Backup device configuration. 3. Apply firmware update following vendor documentation. 4. Verify successful update and restore configuration if needed. 5. Test device functionality.

🔧 Temporary Workarounds

Restrict Administrative Access

all

Limit administrative access to trusted IP addresses and networks only

Configure firewall rules to restrict management interface access
Implement IP whitelisting for administrative connections

Strengthen Authentication

all

Enforce strong administrative passwords and consider multi-factor authentication

Set complex passwords with minimum 12 characters
Enable account lockout policies

🧯 If You Can't Patch

  • Segment affected devices in isolated network zones with strict firewall rules
  • Monitor for suspicious administrative login attempts and command execution

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI. Compare against patched versions (V8.2 or V3.0.0 depending on device).

Check Version:

Web interface: System > Device Information > Firmware Version. CLI: 'show version' or similar device-specific command.

Verify Fix Applied:

Confirm firmware version shows V8.2 or higher (or V3.0.0+ for W-series) after update. Test administrative functions to ensure stability.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed administrative login attempts
  • Unusual administrative session patterns
  • Unexpected configuration changes
  • System command execution in logs

Network Indicators:

  • Unusual administrative traffic patterns
  • Connections from unexpected sources to management interfaces
  • Anomalous outbound connections from devices

SIEM Query:

source="industrial_router" AND (event_type="admin_login" OR event_type="config_change") AND user="admin" AND result="success"

📊 Metadata

CVE ID: CVE-2024-50572
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-74
Published: November 12, 2024
Last Updated: February 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-50572, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)
CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)
CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)