PatchSiren cyber security CVE debrief

CVE-2024-50557 Siemens CVE debrief

CVE-2024-50557 is a high-severity vulnerability in Siemens SCALANCE M-800 family industrial routers and related devices, published on November 12, 2024. The flaw stems from improper input validation in the configuration fields of the iperf functionality, which enables unauthenticated remote attackers to execute arbitrary code on affected devices. The vulnerability carries a CVSS 3.1 score of 7.2 (HIGH severity) with a vector of AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, high privileges required, and high impacts on confidentiality, integrity, and availability. Twenty-six Siemens industrial router products are affected, spanning the RUGGEDCOM RM1224, SCALANCE M804PB, M812-1, M816-1, M826-2, M874-2, M874-3, M876-3, M876-4, MUM853-1, MUM856-1, and S615 product lines. Siemens remediates the vulnerability in firmware version 8.2 or later. Organizations operating these industrial networking devices should prioritize patching, as successful exploitation could compromise critical infrastructure network segmentation and security controls.

Vendor: Siemens
Product: RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
CVSS: HIGH 7.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-11-12
Original CVE updated: 2025-05-06
Advisory published: 2024-11-12
Advisory updated: 2025-05-06

Who should care

Organizations operating Siemens SCALANCE M-800 series routers, RUGGEDCOM RM1224 LTE routers, or SCALANCE S615 security modules in industrial environments, particularly those with exposed management interfaces or iperf functionality enabled. Critical infrastructure operators in manufacturing, energy, transportation, and utilities sectors relying on these devices for secure network segmentation should prioritize assessment and remediation.

Technical summary

The vulnerability exists in the iperf network performance testing functionality implemented in Siemens industrial routers. The configuration fields for this feature fail to properly validate user-supplied input, creating an injection vector that can be exploited by unauthenticated remote attackers to execute arbitrary code with elevated privileges on the device. The iperf functionality is typically used for bandwidth testing in industrial network environments, and its exposure to untrusted input creates a significant attack surface. Successful exploitation could allow attackers to bypass network segmentation, intercept traffic, modify routing configurations, or pivot to connected industrial control systems. The high privilege requirement (PR:H) in the CVSS vector suggests the attacker may need administrative access to the iperf configuration interface, though the advisory notes unauthenticated exploitation is possible, indicating potential confusion in access control implementation.

Defensive priority

high

Recommended defensive actions

  • Update affected Siemens SCALANCE and RUGGEDCOM devices to firmware version 8.2 or later as provided by the vendor.
  • Restrict network access to device management interfaces and iperf functionality to authorized administrative hosts only.
  • Monitor for unauthorized configuration changes or anomalous network traffic targeting iperf service endpoints.
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance, including network segmentation and access control lists.
  • Review and validate input sanitization on any custom applications interacting with device configuration APIs.
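
To act on the first recommendation, the sketch below triages an asset inventory against the product lines and the fixed firmware version (8.2) named on this page. It is an added example, not Siemens or CISA tooling; the CSV column names, hostnames and firmware strings are constructed assumptions.

```python
import csv
import io
import re

# Product lines named on this page as affected by CVE-2024-50557.
AFFECTED_FAMILIES = (
    "RM1224", "M804PB", "M812-1", "M816-1", "M826-2", "M874-2",
    "M874-3", "M876-3", "M876-4", "MUM853-1", "MUM856-1", "S615",
)
FIXED_VERSION = (8, 2)  # "firmware version 8.2 or later" per this page

def parse_version(text):
    """Turn 'V8.1.1', '08.02' or '8.2' into a comparable tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def affected_family(model):
    """Match on whole tokens so 'M876-4' never matches a longer name like 'M876-40'."""
    tokens = set(re.findall(r"[A-Z0-9]+(?:-[A-Z0-9]+)*", model.upper()))
    return next((f for f in AFFECTED_FAMILIES if f in tokens), None)

def triage(inventory_csv):
    """Return (hostname, family, firmware, status) for every in-scope device."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        family = affected_family(row["model"])
        if family is None:
            continue  # not one of the product lines listed on this page
        version = parse_version(row["firmware"])
        if version is None:
            status = "UNKNOWN"  # unparseable version: verify by hand, never assume patched
        else:
            status = "VULNERABLE" if version < FIXED_VERSION else "FIXED"
        findings.append((row["hostname"], family, row["firmware"], status))
    return findings

# Constructed sample inventory (column names, hostnames and versions are made up).
SAMPLE = """hostname,model,firmware
rtr-plant1,SCALANCE M876-4 (EU),V8.1.1
rtr-plant2,RUGGEDCOM RM1224 LTE(4G) EU,V8.2
fw-cell3,SCALANCE S615 LAN-Router,unknown
sw-core,SCALANCE XC208,V4.5
rtr-yard,SCALANCE MUM856-1 (RoW),V07.02.02
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```

Devices reported as UNKNOWN should be checked on the device itself before they are counted as remediated.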

Evidence notes

Vulnerability description and affected product list derived from CISA CSAF advisory ICSA-24-319-06. CVSS vector and remediation guidance confirmed through Siemens security advisory SSA-354112. The source was last modified on 2025-05-06 to correct typos, with no substantive changes to vulnerability details.

Official resources

2024-11-12