PatchSiren cyber security CVE debrief
CVE-2024-41977 Siemens CVE debrief
CVE-2024-41977 is a HIGH severity (CVSS 3.1 base score 7.1) session isolation vulnerability in Siemens industrial routers. Published 2024-08-13, the flaw affects 24 Siemens SCALANCE and RUGGEDCOM router models whose web server component fails to properly enforce isolation between user sessions. An authenticated remote attacker can exploit this weakness to escalate privileges on the affected device. The CVSS vector (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) means exploitation needs network access to the device, low-privilege credentials and user interaction, and carries high attack complexity; a successful attack has high impact on confidentiality, integrity and availability. Siemens has fixed the issue in firmware version 8.1 and recommends updating all affected product lines to version 8.1 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-08-13
- Original CVE updated: 2024-08-13
- Advisory published: 2024-08-13
- Advisory updated: 2024-08-13
Who should care
Organizations operating Siemens SCALANCE M-800, MUM800, S615, or RUGGEDCOM RM1224 industrial routers in manufacturing, energy, transportation, and critical infrastructure sectors. Security teams responsible for OT/ICS network security, network administrators managing industrial router infrastructure, and compliance officers tracking CVE remediation in operational technology environments.
Technical summary
The vulnerability lies in the web server component of the affected Siemens industrial routers. Because the web server does not properly enforce isolation between user sessions, an authenticated attacker can cross session boundaries and escalate privileges. Per the CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H), the attack requires network connectivity to the management interface, valid low-privilege credentials and interaction by another user, and its high attack complexity indicates that conditions outside the attacker's direct control must be met. Scope is unchanged, so the impact is confined to the device itself, but that impact is high across confidentiality, integrity and availability, which on a router means control over its configuration and the traffic it carries. The vulnerability is rated HIGH severity with a base score of 7.1. Remediation is a firmware update to version 8.1 or later.
Defensive priority
HIGH
Recommended defensive actions
- Update affected Siemens SCALANCE and RUGGEDCOM routers to firmware version 8.1 or later
- Restrict network access to router web management interfaces to authorized administrative hosts only
- Implement network segmentation to isolate industrial control system networks from enterprise and internet-facing networks
- Monitor web-management logs for privilege escalation or anomalous administrative session activity, such as a session opened by a low-privilege account performing administrative operations
- Apply principle of least privilege for all accounts with access to affected router management interfaces
- Review and rotate credentials for administrative accounts on affected devices
- Consider disabling web-based management if it is not required, and manage the devices through an alternative secure channel instead
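As an added example of the monitoring and access-restriction actions above (this is not PatchSiren's or Siemens' code), the following script replays web-management log lines and flags two conditions: a session acting under a higher role than it was granted at login, which is the observable symptom of a session-isolation failure turned into privilege escalation, and a management login from a host outside an administrative allow-list. The log format, the hostname, the session identifiers and the allow-list are all constructed for illustration; SCALANCE and RUGGEDCOM devices are not guaranteed to log in this shape, so the regular expression would need to be adapted to real device output.

```python
"""Detection helper for the defensive actions above: added example, not
PatchSiren's or Siemens' code. Parses constructed, syslog-style
web-management log lines (a hypothetical format) and flags sessions that
act above their login role and logins from outside the admin allow-list.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Constructed sample log (hypothetical format, not real device output).
SAMPLE_LOG = """\
2024-08-13T10:00:01Z rm1224-01 web: login user=operator role=user session=S1 src=10.10.5.20
2024-08-13T10:00:05Z rm1224-01 web: action session=S1 role=user op=show-status
2024-08-13T10:01:10Z rm1224-01 web: login user=admin role=admin session=S2 src=10.10.5.10
2024-08-13T10:02:30Z rm1224-01 web: action session=S1 role=admin op=add-user
2024-08-13T10:03:00Z rm1224-01 web: login user=operator role=user session=S3 src=198.51.100.7
2024-08-13T10:03:05Z rm1224-01 web: action session=S3 role=user op=show-status
"""

# Assumed management allow-list: only these networks may reach the web UI.
ADMIN_NETS = [ipaddress.ip_network("10.10.5.0/24")]

# Role ordering used to decide whether an action exceeds the login role.
ROLE_RANK = {"user": 1, "admin": 2}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) web: (?P<event>login|action) (?P<kv>.*)$"
)


class Finding(NamedTuple):
    kind: str
    ts: str
    session: str
    detail: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or return None if it is not a web event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "event": m["event"]}
    for tok in m["kv"].split():
        key, _, value = tok.partition("=")
        rec[key] = value
    return rec


def analyze(log_text: str, admin_nets=ADMIN_NETS) -> List[Finding]:
    """Replay the log in order and return findings in the order they occur."""
    findings: List[Finding] = []
    login_role = {}  # session id -> role granted when the session was created
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        sid = rec.get("session", "?")
        if rec["event"] == "login":
            login_role[sid] = rec.get("role", "")
            src_text = rec.get("src")
            if src_text:
                src = ipaddress.ip_address(src_text)
                if not any(src in net for net in admin_nets):
                    findings.append(Finding("mgmt-access-outside-allowlist", rec["ts"], sid,
                                            f"src={src_text} user={rec.get('user')}"))
        else:  # action
            granted = login_role.get(sid)
            acting = rec.get("role", "")
            if granted is None:
                # An action on a session we never saw log in is itself suspicious.
                findings.append(Finding("action-without-login", rec["ts"], sid,
                                        f"op={rec.get('op')}"))
            elif ROLE_RANK.get(acting, 0) > ROLE_RANK.get(granted, 0):
                # The session is now acting above the role it was granted at login.
                findings.append(Finding("role-exceeds-login-role", rec["ts"], sid,
                                        f"{granted}->{acting} op={rec.get('op')}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} session={f.session} {f.kind}: {f.detail}")
```

On the constructed sample this reports session S1, opened as a user, performing an admin-only operation, and session S3 logging in from outside the allow-list. The role comparison is keyed on the session identifier rather than the username so that a session which has crossed into another user's context still shows up against the role it was originally granted.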
Evidence notes
Vulnerability disclosed in CISA ICS Advisory ICSA-24-228-01 and Siemens Security Advisory SSA-087301. Affects 24 router models across SCALANCE M-800, MUM800, and RUGGEDCOM RM1224 families. CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.
Official resources
- CVE-2024-41977 CVE record (CVE.org)
- CVE-2024-41977 NVD detail (NVD)
- Source item URL (cisa_csaf)