CVE-2024-41976
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-41976 is a newly identified vulnerability that affects multiple RUGGEDCOM and SCALANCE router models running Version 8.1 and below. These devices do not validate user input in certain VPN configuration fields, which allows an authenticated remote attacker to execute arbitrary code on the affected device. The following models are potentially impacted: RM1224 LTE, SCALANCE M804PB, M812-1 and M816-1 ADSL-Routers, M826-2 SHDSL-Router, M874-2 and M874-3, M876-3 (A1, B1, ROK, EU, NAM), MUM853-1 (A1, B1, EU), MUM856-1 (A1, B1, CN, EU, RoW), and S615 EEC and LAN-Routers. Successful exploitation could lead to significant security risks and potential unauthorized access to networks. Users are strongly advised to update their devices to the latest version, V8.1, or contact the vendor for further assistance.
Affected Vendors
- Siemens AG