Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.1

Plan Patch7.2SSA-087301Aug 13, 2024

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

SCALANCE M-800 family routers and RUGGEDCOM RM1224 LTE/4G cellular routers before firmware version V8.1 contain multiple vulnerabilities in resource handling, input validation, and credential management. These flaws could allow an authenticated attacker to cause denial of service, access sensitive configuration and credential data, or execute arbitrary commands on the router. Affected products include SCALANCE M804PB, M812/M816/M826 ADSL/SHDSL-Router variants, M874/M876 industrial routers, MUM853/MUM856 multi-mode routers, and SCALANCE S615 LAN-Routers. Siemens recommends updating to V8.1 or later.

What this means

What could happen

An attacker with administrative access to a SCALANCE M-800 router could cause a denial of service, read sensitive configuration data, or execute unauthorized commands on the device, disrupting network connectivity to remote sites and potentially affecting industrial operations that depend on these communication links.

Who's at risk

Operators of SCALANCE M-800 series industrial routers and RUGGEDCOM RM1224 LTE/4G cellular routers should prioritize this update. These devices are commonly used as remote site connectivity gateways in water utilities, electric utilities, and other critical infrastructure networks to provide secure communication between distributed control systems (DCS), programmable logic controllers (PLCs), and central control centers.

How it could be exploited

An attacker must first authenticate to the device with administrative credentials (or exploit an authentication bypass). Once authenticated, the attacker can exploit input validation or resource management flaws to crash the device, extract credentials and configuration data, or run arbitrary code on the router itself.

Prerequisites

Administrative credentials or valid user account on the SCALANCE device
Network access to the device's management interface (HTTP/HTTPS or similar)
Device running firmware version before V8.1

Remotely exploitable via management interfaceRequires administrative credentials to exploit most variantsLow to moderate attack complexityAffects network infrastructure critical to OT operationsMultiple independent vulnerabilities in same device family

Exploitability

Moderate exploit probability (EPSS 1.3%)

Affected products (24)

24 with fix

ProductAffected VersionsFix Status

RUGGEDCOM RM1224 LTE(4G) EU<V8.18.1

RUGGEDCOM RM1224 LTE(4G) NAM<V8.18.1

SCALANCE M804PB<V8.18.1

SCALANCE M812-1 ADSL-Router family<V8.18.1

SCALANCE M816-1 ADSL-Router family<V8.18.1

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate all affected SCALANCE M-800 and RUGGEDCOM RM1224 devices to firmware version V8.1 or later

CVEs (4)

CVE-2023-44321 CVE-2024-41976 CVE-2024-41977 CVE-2024-41978

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4fc2eef8-9d9c-4289-8349-c4fc73727f3c