CVE-2024-41977

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:scalance_m826-2_shdsl-router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m826-2_shdsl-router:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:scalance_m874-3_3g-router_\(cn\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-3_3g-router_\(cn\):-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:scalance_m876-3_\(rok\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-3_\(rok\):-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4_\(eu\):-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:scalance_m876-4_\(nam\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4_\(nam\):-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum853-1_\(a1\):-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum853-1_\(b1\):-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum853-1_\(eu\):-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(a1\):-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(b1\):-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(cn\):-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(eu\):-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(row\):-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:siemens:scalance_s615_eec_lan-router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615_eec_lan-router:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:siemens:scalance_s615_lan-router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615_lan-router:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m812-1_\(annex_a\):-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m812-1_\(annex_b\):-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m816-1_\(annex_a\):-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m816-1_\(annex_b\):-:*:*:*:*:*:*:*

History

23 Aug 2024, 18:39

Type Values Removed Values Added
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 8.0
CPE cpe:2.3:h:siemens:scalance_m876-3_\(rok\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_s615_eec_lan-router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m874-3_3g-router_\(cn\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(row\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4_\(eu\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(b1\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-4_\(nam\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m816-1_\(annex_b\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-3_\(rok\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum853-1_\(a1\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m812-1_\(annex_b\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615_lan-router:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(eu\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_nam:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum853-1_\(eu\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(a1\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m812-1_\(annex_a\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_s615_eec_lan-router:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m826-2_shdsl-router:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m816-1_\(annex_a\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-3_3g-router_\(cn\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_s615_lan-router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m826-2_shdsl-router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m876-4_\(nam\):-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rm1224_lte\(4g\)_eu:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum856-1_\(cn\):-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_mum853-1_\(b1\):-:*:*:*:*:*:*:*
First Time Siemens scalance M816-1 \(annex B\)
Siemens scalance M874-3 3g-router \(cn\)
Siemens scalance M874-2 Firmware
Siemens scalance Mum856-1 \(b1\) Firmware
Siemens scalance S615 Eec Lan-router Firmware
Siemens scalance M876-4 \(nam\)
Siemens
Siemens scalance Mum856-1 \(b1\)
Siemens scalance Mum856-1 \(a1\)
Siemens scalance Mum853-1 \(b1\) Firmware
Siemens scalance M876-4 \(eu\) Firmware
Siemens scalance Mum856-1 \(row\) Firmware
Siemens scalance S615 Eec Lan-router
Siemens ruggedcom Rm1224 Lte\(4g\) Nam Firmware
Siemens scalance M812-1 \(annex B\)
Siemens scalance M826-2 Shdsl-router
Siemens scalance Mum856-1 \(eu\) Firmware
Siemens scalance M874-3
Siemens scalance M876-3
Siemens ruggedcom Rm1224 Lte\(4g\) Nam
Siemens scalance M876-4 \(nam\) Firmware
Siemens scalance Mum856-1 \(row\)
Siemens scalance M804pb
Siemens scalance S615 Lan-router Firmware
Siemens scalance M816-1 \(annex A\) Firmware
Siemens scalance S615 Lan-router
Siemens scalance M876-4 \(eu\)
Siemens scalance M876-3 \(rok\) Firmware
Siemens scalance Mum856-1 \(eu\)
Siemens scalance M876-4
Siemens scalance M876-3 Firmware
Siemens scalance M826-2 Shdsl-router Firmware
Siemens scalance M874-3 3g-router \(cn\) Firmware
Siemens scalance M876-3 \(rok\)
Siemens scalance Mum853-1 \(b1\)
Siemens scalance M816-1 \(annex A\)
Siemens scalance M874-2
Siemens ruggedcom Rm1224 Lte\(4g\) Eu Firmware
Siemens scalance Mum853-1 \(a1\) Firmware
Siemens scalance M804pb Firmware
Siemens scalance M812-1 \(annex A\) Firmware
Siemens scalance Mum853-1 \(eu\) Firmware
Siemens scalance Mum856-1 \(cn\) Firmware
Siemens scalance Mum856-1 \(cn\)
Siemens scalance Mum856-1 \(a1\) Firmware
Siemens scalance M812-1 \(annex B\) Firmware
Siemens scalance M876-4 Firmware
Siemens scalance M816-1 \(annex B\) Firmware
Siemens ruggedcom Rm1224 Lte\(4g\) Eu
Siemens scalance M812-1 \(annex A\)
Siemens scalance Mum853-1 \(eu\)
Siemens scalance M874-3 Firmware
Siemens scalance Mum853-1 \(a1\)
Summary
  • (es) Se ha identificado una vulnerabilidad en RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (Todas las versiones &lt; V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (Todas las versiones &lt; V8.1 ), SCALANCE M804PB (6GK5804-0AP00-2AA2) (Todas las versiones &lt; V8.1), Familia de enrutadores ADSL SCALANCE M812-1 (Todas las versiones &lt; V8.1), Familia de enrutadores ADSL SCALANCE M816-1 (Todas las versiones &lt; V8 .1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (todas las versiones &lt; V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (todas las versiones &lt; V8.1), SCALANCE M874- 3 (6GK5874-3AA00-2AA2) (Todas las versiones &lt; V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (Todas las versiones &lt; V8.1), SCALANCE M876-3 (6GK5876- 3AA02-2BA2) (Todas las versiones &lt; V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (Todas las versiones &lt; V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (Todas las versiones &lt; V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (Todas las versiones &lt; V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (Todas las versiones &lt; V8.1 ), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (Todas las versiones &lt; V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (Todas las versiones &lt; V8.1), SCALANCE MUM853 -1 (UE) (6GK5853-2EA00-2DA1) (Todas las versiones &lt; V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (Todas las versiones &lt; V8.1), SCALANCE MUM856-1 (B1 ) (6GK5856-2EA10-3BA1) (Todas las versiones &lt; V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (Todas las versiones &lt; V8.1), SCALANCE MUM856-1 (EU) (6GK5856- 2EA00-3DA1) (Todas las versiones &lt; V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (Todas las versiones &lt; V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) ( Todas las versiones &lt; V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (Todas las versiones &lt; V8.1). Los dispositivos afectados no aplican adecuadamente el aislamiento entre sesiones de usuario en su componente de servidor web. Esto podría permitir que un atacante remoto autenticado escale sus privilegios en los dispositivos.
References () https://cert-portal.siemens.com/productcert/html/ssa-087301.html - () https://cert-portal.siemens.com/productcert/html/ssa-087301.html - Vendor Advisory

13 Aug 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 08:15

Updated : 2024-08-23 18:39


NVD link : CVE-2024-41977

Mitre link : CVE-2024-41977

CVE.ORG link : CVE-2024-41977


JSON object : View

Products Affected

siemens

  • scalance_mum853-1_\(a1\)_firmware
  • scalance_m876-4
  • scalance_m874-3_3g-router_\(cn\)_firmware
  • scalance_m876-4_\(nam\)_firmware
  • scalance_mum853-1_\(eu\)
  • scalance_s615_lan-router_firmware
  • scalance_mum856-1_\(b1\)
  • scalance_m876-3
  • scalance_mum856-1_\(eu\)
  • scalance_m876-4_firmware
  • scalance_m816-1_\(annex_a\)
  • scalance_s615_eec_lan-router
  • scalance_m812-1_\(annex_b\)
  • scalance_m816-1_\(annex_a\)_firmware
  • scalance_mum856-1_\(row\)
  • scalance_mum853-1_\(a1\)
  • scalance_mum856-1_\(b1\)_firmware
  • scalance_m812-1_\(annex_a\)
  • scalance_s615_lan-router
  • scalance_m816-1_\(annex_b\)_firmware
  • ruggedcom_rm1224_lte\(4g\)_eu_firmware
  • scalance_m876-3_\(rok\)_firmware
  • ruggedcom_rm1224_lte\(4g\)_eu
  • scalance_m874-2
  • scalance_m816-1_\(annex_b\)
  • ruggedcom_rm1224_lte\(4g\)_nam
  • scalance_m876-3_\(rok\)
  • scalance_m874-2_firmware
  • scalance_m876-3_firmware
  • scalance_m804pb
  • scalance_m876-4_\(eu\)_firmware
  • scalance_mum856-1_\(row\)_firmware
  • scalance_m826-2_shdsl-router_firmware
  • scalance_mum856-1_\(a1\)_firmware
  • scalance_mum856-1_\(eu\)_firmware
  • scalance_m874-3_firmware
  • scalance_mum853-1_\(b1\)
  • scalance_mum856-1_\(cn\)_firmware
  • scalance_mum856-1_\(cn\)
  • scalance_mum853-1_\(eu\)_firmware
  • scalance_m826-2_shdsl-router
  • scalance_s615_eec_lan-router_firmware
  • scalance_m876-4_\(nam\)
  • scalance_mum853-1_\(b1\)_firmware
  • scalance_m876-4_\(eu\)
  • scalance_mum856-1_\(a1\)
  • scalance_m812-1_\(annex_b\)_firmware
  • scalance_m874-3_3g-router_\(cn\)
  • scalance_m874-3
  • scalance_m812-1_\(annex_a\)_firmware
  • scalance_m804pb_firmware
  • ruggedcom_rm1224_lte\(4g\)_nam_firmware
CWE
NVD-CWE-Other CWE-488

Exposure of Data Element to Wrong Session