Siemens SCALANCE M-800, RUGGEDCOM RM1224

Plan PatchCVSS 7.2ICS-CERT ICSA-24-228-01Aug 13, 2024

Siemens

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Siemens SCALANCE M-800 family routers and RUGGEDCOM RM1224 LTE cellular gateways (firmware versions prior to V8.1) involve insufficient input validation (CWE-20), improper resource handling (CWE-400, CWE-488), and sensitive information exposure in log files (CWE-532). An authenticated attacker can exploit these flaws through the device management interface to cause command injection, resource exhaustion, or information disclosure. Siemens has released firmware version 8.1 or later for all affected products to remediate these issues.

What this means

What could happen

An attacker with administrative credentials could exploit multiple input validation and resource handling flaws to execute arbitrary commands on affected routers and cellular gateways, potentially disrupting WAN connectivity for critical ICS networks or altering routing and firewall rules.

Who's at risk

Water authorities, electric utilities, and other critical infrastructure operators using Siemens SCALANCE M-800 series routers (ADSL, SHDSL, cellular variants) or RUGGEDCOM RM1224 LTE cellular gateways for WAN connectivity to remote substations, pump stations, treatment facilities, or distributed control systems. These devices are common in industrial networks where they provide redundant WAN and LTE backup links to headquarters or remote monitoring centers.

How it could be exploited

An attacker with valid engineering workstation or administrative credentials can access the device management interface (web UI or SSH) and send malformed input to trigger insufficient input validation or resource exhaustion conditions. This allows command injection or denial of service that could affect network routing, VPN termination, or cellular connectivity for remote industrial sites.

Prerequisites

Valid administrative or engineering workstation credentials
Network access to device management interface (HTTP/HTTPS port 80/443 or SSH port 22)
Device running firmware version prior to V8.1

Requires valid administrative credentialsAffects network routing and WAN connectivity devicesNo patch-independent workaround available other than access controlMultiple vulnerability types (input validation, resource exhaustion, information disclosure)

Exploitability

Some exploitation risk — EPSS score 1.2%

Affected products (24)

24 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RM1224 LTE(4G) EU<V8.18.1

RUGGEDCOM RM1224 LTE(4G) NAM<V8.18.1

SCALANCE M804PB<V8.18.1

SCALANCE M812-1 ADSL-Router family<V8.18.1

SCALANCE M816-1 ADSL-Router family<V8.18.1

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to device management interfaces using firewall rules; allow only authorized engineering workstations and administrative systems

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected SCALANCE M-800 and RUGGEDCOM devices to firmware version 8.1 or later

Long-term hardening

0/2

HARDENINGImplement network segmentation to isolate WAN routers and cellular gateways from business networks and the internet

HARDENINGRequire VPN with multi-factor authentication for any remote access to device management interfaces

CVEs (4)

CVE-2023-44321 CVE-2024-41976 CVE-2024-41977 CVE-2024-41978

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5f0382e2-97fb-496f-a87a-6330b0cd3b18

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.