PatchSiren cyber security CVE debrief
CVE-2024-41976 Siemens CVE debrief
CVE-2024-41976 is a high-severity vulnerability affecting 24 Siemens industrial router products, including SCALANCE M-series routers and RUGGEDCOM RM1224 devices. Published on August 13, 2024, this vulnerability stems from improper input validation in specific VPN configuration fields. An authenticated remote attacker can exploit this weakness to execute arbitrary code on affected devices. The CVSS 3.1 score of 7.2 reflects high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and high privileges required. CISA published advisory ICSA-24-228-01 on the same date, coordinating disclosure with Siemens. The vendor has released firmware version 8.1 or later to address this vulnerability. Organizations should prioritize patching, especially given the critical infrastructure contexts where these industrial routers are typically deployed.
- Vendor
- Siemens
- Product
- RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-08-13
- Original CVE updated
- 2024-08-13
- Advisory published
- 2024-08-13
- Advisory updated
- 2024-08-13
Who should care
Organizations operating Siemens SCALANCE or RUGGEDCOM industrial routers in manufacturing, energy, transportation, and critical infrastructure sectors. Security teams responsible for OT/ICS network infrastructure and VPN gateway management.
Technical summary
Improper input validation vulnerability in VPN configuration fields of Siemens industrial routers. Authenticated attackers can inject malicious input through VPN configuration interfaces to achieve arbitrary code execution. Affects 24 product variants across SCALANCE M800/M800PB/M800DSL/M800UMTS/M800LTE and RUGGEDCOM RM1224 families. Fixed in firmware version 8.1.
Defensive priority
HIGH
Recommended defensive actions
- Apply Siemens firmware update to version 8.1 or later for all affected SCALANCE and RUGGEDCOM router models
- Restrict administrative access to VPN configuration interfaces to trusted personnel only
- Monitor VPN configuration changes for unauthorized modifications
- Implement network segmentation to isolate affected router management interfaces from untrusted networks
- Review and apply CISA ICS recommended practices for industrial control system security
Evidence notes
Vulnerability description and affected product list derived from CISA CSAF source. CVSS vector and remediation details confirmed through Siemens SSA-087301 advisory.
Official resources
-
CVE-2024-41976 CVE record
CVE.org
-
CVE-2024-41976 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Coordinated disclosure via CISA ICS advisory ICSA-24-228-01 and Siemens ProductCERT