Siemens SCALANCE M-800 Family

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-24-319-06 | Nov 12, 2024
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The SCALANCE M-800 family industrial routers and RUGGEDCOM RM1224 LTE gateways contain multiple vulnerabilities in versions before V8.2, including buffer overflows (CWE-125), integer overflows (CWE-190), resource exhaustion (CWE-400), use-after-free (CWE-416), input validation issues (CWE-20), and access control weaknesses (CWE-284). These vulnerabilities allow an unauthenticated attacker with network access to cause denial of service or potentially execute unspecified code. Affected versions include all SCALANCE MUM853, MUM856, M804PB, M812-1, M816-1, M826-2, M874, M876 variants and RUGGEDCOM RM1224 EU/NAM/4G models running firmware below version 8.2. Siemens recommends immediate update to V8.2 or later and implementing network access controls to limit exposure.

What this means
What could happen
An attacker with network access to these industrial routers could cause denial of service, disrupt communication between control systems and remote facilities, or potentially manipulate data in transit. Devices lacking available patches leave critical site-to-site and remote access links vulnerable.
Who's at risk
Water and electric utilities that use Siemens SCALANCE M-800 family industrial routers or RUGGEDCOM RM1224 LTE/4G gateways for remote site connectivity, SCADA communications, or RTU/PLC connections. Any organization using these routers for site-to-site links, remote facility monitoring, or integrating IoT/mobile network uplinks is affected.
How it could be exploited
An attacker on the network can send specially crafted packets to the affected router to trigger buffer overflows, integer overflows, or resource exhaustion conditions that crash the device or degrade performance. No authentication is required. The router must be reachable from the attacker's network position (directly or through routing).
Prerequisites
  • Network-layer access to the affected SCALANCE or RUGGEDCOM device
  • No authentication required to exploit the vulnerability
  • Device running firmware version below V8.2
Risk factors
  • Remotely exploitable from network
  • No authentication required
  • Low complexity to exploit
  • High EPSS score relative to disclosure (3.9%)
  • Multiple vulnerability classes (buffer overflows, integer overflows, resource leaks)
  • Critical boundary device - router handles inter-network traffic
Exploitability
Some exploitation risk — EPSS score 4.2%
Affected products (24)
24 with fix
Product                       | Affected Versions | Fix Status
SCALANCE MUM853-1 (EU)        | <V8.2             | 8.2
SCALANCE MUM856-1 (A1)        | <V8.2             | 8.2
SCALANCE MUM856-1 (B1)        | <V8.2             | 8.2
RUGGEDCOM RM1224 LTE(4G) EU   | <V8.2             | 8.2
RUGGEDCOM RM1224 LTE(4G) NAM  | <V8.2             | 8.2
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to these routers using firewall rules; allow only known trusted sources and required management protocols
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update all SCALANCE M-800 family devices and RUGGEDCOM RM1224 models to firmware version 8.2 or later
HARDENING: If remote management is required, enforce VPN access with strong authentication and restrict management access to specific IP ranges
Long-term hardening
HARDENING: Implement network segmentation to isolate SCALANCE/RUGGEDCOM devices from direct internet and untrusted network access