PatchSiren

CVE-2024-41797 Siemens CVE debrief

CVE-2024-41797 is a medium-severity authorization flaw in multiple Siemens SCALANCE and RUGGEDCOM devices. According to the advisory, an authenticated remote attacker with the "guest" role could invoke an internal "do system" command beyond their intended privileges. The most notable described impact is the ability to clear the local system log.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-06-10
Original CVE updated: 2025-06-10
Advisory published: 2025-06-10
Advisory updated: 2025-06-10

Who should care

Organizations running affected Siemens SCALANCE or RUGGEDCOM devices, especially OT/industrial network teams, plant operators, and defenders responsible for device access control and logging integrity.

Technical summary

The supplied advisory describes an incorrect authorization check that allows an authenticated remote user with guest privileges to call an internal command intended for higher-privilege contexts. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) indicates a network-reachable attack with low attack complexity that requires low privileges and no user interaction. The score reflects low integrity impact and no confidentiality or availability impact. The cited practical effect is a limited set of low-risk system actions, including clearing the local system log.

Defensive priority

Medium. The issue requires authenticated access, but it can undermine log integrity and privilege boundaries on exposed management interfaces. Apply the vendor fix promptly on affected devices and verify that guest-role access is constrained or removed where operationally feasible.

Recommended defensive actions

  • Update affected Siemens products to V3.1 or later, per the vendor remediation.
  • Review device access control so guest-role accounts are limited to the minimum required privileges.
  • Restrict management-plane exposure to trusted administrative networks only.
  • Monitor for unexpected changes to local system logs and configuration state.
  • Validate that device inventories include the affected SCALANCE and RUGGEDCOM models listed in the advisory.
  • Follow Siemens and CISA industrial control system security guidance for layered defenses and network segmentation.

Evidence notes

Source corpus states: "Affected devices contain an incorrect authorization check vulnerability" and that an authenticated remote attacker with "guest" role can invoke an internal "do system" command. The same advisory says the most critical action is clearing the local system log. The advisory metadata lists CVSS 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, and remediation is to update to V3.1 or later. Public disclosure date in the supplied corpus is 2025-06-10.

Official resources

Publicly disclosed in Siemens/CISA advisory ICSA-25-162-03 on 2025-06-10. The supplied source corpus marks the CVE published and modified on the same date.