PatchSiren cyber security CVE debrief
CVE-2024-50559 Siemens CVE debrief
A medium-severity vulnerability in the Siemens SCALANCE M-800 family and RUGGEDCOM RM1224 industrial routers allows authenticated remote attackers to compromise system integrity by appending arbitrary values to certificate filenames, due to improper input validation. The flaw was disclosed on November 12, 2024; the vendor fix requires updating to firmware version 8.2 or later.
- Vendor: Siemens
- Product: RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2)
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-12
- Original CVE updated: 2025-05-06
- Advisory published: 2024-11-12
- Advisory updated: 2025-05-06
Who should care
Organizations operating Siemens SCALANCE M-800 series routers (including M804PB, M812-1, M816-1, M826-2, M874-2, M874-3, M876-3, M876-4, MUM853-1, MUM856-1 variants) and RUGGEDCOM RM1224 LTE routers in industrial, utility, transportation, or critical infrastructure environments. Security teams responsible for OT/ICS network infrastructure and certificate lifecycle management should prioritize this update.
Technical summary
CVE-2024-50559 is an input validation vulnerability affecting 26 Siemens industrial router products across the SCALANCE M-800 family and the RUGGEDCOM RM1224 series. The flaw lies in the certificate filename validation mechanism: because the filename is not properly sanitized, an authenticated remote attacker can append arbitrary values to a certificate filename. This integrity compromise could enable further attacks or system manipulation. The vulnerability requires user interaction and has a CVSS 3.1 score of 4.3 (Medium). Siemens has released firmware version 8.2 to address the issue across all affected product variants.
Defensive priority
medium
Recommended defensive actions
- Update affected Siemens SCALANCE M-800 family and RUGGEDCOM RM1224 devices to firmware version 8.2 or later as specified in the vendor security advisory.
- Apply network segmentation and restrict management interface access to trusted administrative hosts only.
- Monitor certificate management operations and file system integrity for unexpected filename modifications.
- Review and implement CISA ICS recommended practices for defense-in-depth strategies in industrial control environments.
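The two controls that follow directly from the technical summary and the monitoring action above are (a) strict allowlist validation of certificate filenames before they reach the file system and (b) an inventory check that flags certificate store entries that do not match the expected set. The example below is added for this debrief and is not Siemens code or the router's actual implementation; the allowlist pattern, the extension list, the length limit and the sample filenames are all constructed assumptions, since the advisory does not document the device's real filename rules.

```python
import re

# Assumed allowlist: a bare basename, alphanumeric start, a short body of
# [A-Za-z0-9_-], and one of a few certificate extensions. This is a
# constructed illustration, not the router's documented filename rule.
CERT_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.(pem|crt|cer|der|p12)$")
MAX_LEN = 80  # assumed upper bound on an accepted filename


def validate_cert_filename(name: str) -> tuple[bool, str]:
    """Return (ok, reason). Only a plain basename on the allowlist is accepted.

    Every rejection carries a reason so that a log line can say *why* the
    name was refused, which is what a monitoring rule wants to see.
    """
    if not isinstance(name, str) or not name:
        return False, "empty"
    if len(name) > MAX_LEN:
        return False, "too long"
    # Control characters (NUL, newline, tab, DEL) never belong in a filename
    # and are a classic carrier for an appended value or a log-injection trick.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return False, "control character"
    # Anything that is not a single path component is rejected outright:
    # separators, traversal components, or the current/parent directory names.
    if "/" in name or "\\" in name or name in (".", ".."):
        return False, "path component"
    # Finally, the name must match the allowlist exactly; a trailing ";id=7",
    # a second extension, or a space is "outside allowlist" and rejected.
    if not CERT_NAME_RE.fullmatch(name):
        return False, "outside allowlist"
    return True, "ok"


def audit_cert_store(observed: list[str], expected: set[str]) -> dict:
    """Classify observed certificate-store filenames against an expected inventory.

    Returns three buckets: names that are expected, names that are well-formed
    but not in the inventory (worth a ticket), and names that fail validation
    altogether (worth an alert).
    """
    report = {"expected": [], "unexpected": [], "invalid": []}
    for n in observed:
        ok, reason = validate_cert_filename(n)
        if not ok:
            report["invalid"].append((n, reason))
        elif n in expected:
            report["expected"].append(n)
        else:
            report["unexpected"].append(n)
    return report


# Constructed sample listing of a certificate store; not data from any device.
SAMPLE_OBSERVED = [
    "vpn-gateway.pem",       # expected
    "ca-root.crt",           # expected
    "vpn-gateway.pem;id=7",  # legitimate name with an appended value
    "ca-root.crt\n",         # trailing newline appended to a legitimate name
    "../../etc/shadow",      # path traversal, rejected as a path component
    "backup-ca.crt",         # well-formed but absent from the inventory
]
SAMPLE_EXPECTED = {"vpn-gateway.pem", "ca-root.crt"}


if __name__ == "__main__":
    result = audit_cert_store(SAMPLE_OBSERVED, SAMPLE_EXPECTED)
    for bucket, entries in result.items():
        print(bucket)
        for e in entries:
            print("   ", e)
```

Running the module prints the three buckets for the constructed listing: the two inventory names land in `expected`, `backup-ca.crt` is `unexpected`, and the three malformed entries are `invalid` with their reasons. The reason strings are deliberately stable so they can be keyed on in a SIEM rule that watches certificate management operations on these routers.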
Evidence notes
The vulnerability description and remediation guidance are sourced from CISA CSAF advisory ICSA-24-319-06, which references Siemens security advisory SSA-354112. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) indicates a network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and a low integrity impact with no confidentiality or availability impact.
Official resources
- CVE-2024-50559 CVE record (CVE.org)
- CVE-2024-50559 NVD detail (NVD)
- Source item URL (cisa_csaf)