Multiple Vulnerabilities in SCALANCE M-800 Family Before V8.2
Plan Patch | CVSS 7.5 | SSA-354112 | Nov 12, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The SCALANCE M-800 family and RUGGEDCOM RM1224 routers before version V8.2 contain multiple vulnerabilities including buffer overflows (CWE-125), improper input validation (CWE-20), information disclosure (CWE-311, CWE-203), use-after-free (CWE-416), integer overflow (CWE-190), and denial of service weaknesses (CWE-400, CWE-667). These vulnerabilities affect secure communication and availability of remote connectivity routers used in industrial networks. An attacker with network access could cause denial of service, extract sensitive configuration or credential information, or potentially execute arbitrary code on affected devices.
What this means
What could happen
An attacker on the network could cause denial of service, access sensitive data, or execute unauthorized commands on SCALANCE and RUGGEDCOM routers used to connect industrial networks to remote sites. This could disrupt remote monitoring and control of critical infrastructure.
Who's at risk
Water utilities, electric utilities, oil and gas operators, and other critical infrastructure organizations that use Siemens SCALANCE M-800 series routers (M804, M812, M816, M826, M874, M876, S615) or RUGGEDCOM RM1224 LTE routers for remote site connectivity and SCADA network access. These devices are commonly deployed in substations, pumping stations, and remote field sites.
How it could be exploited
An attacker with network access to the router's management interface or data ports could exploit multiple vulnerabilities—including buffer overflows, improper input validation, and information disclosure flaws—to crash the device, read configuration data, or potentially gain command execution. No authentication is required for some vulnerabilities.
Prerequisites
- Network access to the SCALANCE M-800 or RUGGEDCOM router
- No authentication required for some vulnerabilities
- Device running firmware version earlier than V8.2
- remotely exploitable
- no authentication required for some vulnerabilities
- low complexity
- affects network connectivity to critical systems
- high CVSS score (7.5)
Exploitability
Moderate exploit probability (EPSS 4.5%)
Affected products (24)
24 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| RUGGEDCOM RM1224 LTE(4G) EU | < V8.2 | 8.2 |
| RUGGEDCOM RM1224 LTE(4G) NAM | < V8.2 | 8.2 |
| SCALANCE M804PB | < V8.2 | 8.2 |
| SCALANCE M812-1 ADSL-Router | < V8.2 | 8.2 |
| SCALANCE M816-1 ADSL-Router | < V8.2 | 8.2 |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to router management interfaces using firewall rules—only allow administrative traffic from trusted engineering networks
- WORKAROUND: Disable unnecessary services on the router if the firmware cannot be updated immediately
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update all affected SCALANCE M-800 and RUGGEDCOM routers to firmware version V8.2 or later
Long-term hardening
- HARDENING: Segment remote access networks and implement network access controls to limit exposure of routers to untrusted networks
CVEs (16)