CVE-2024-41797: CWE-269: Improper Privilege Management in Siemens RUGGEDCOM RST2428P

Severity: Medium
Type: Vulnerability
Tags: CVE-2024-41797, cve, cve-2024-41797, cwe-269
Published: Tue Jun 10 2025 (06/10/2025, 15:17:11 UTC)
Source: CVE Database V5
Vendor/Project: Siemens
Product: RUGGEDCOM RST2428P

Description

A vulnerability has been identified in the following products (all versions < V3.1):

- RUGGEDCOM RST2428P (6GK6242-6PA00)
- SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
- SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
- SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
- SCALANCE XC332 (6GK5332-0GA00-2AC2)
- SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
- SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
- SCALANCE XC432 (6GK5432-0GR00-2AC2)
- SCALANCE XCH328 (6GK5328-4TS01-2EC2)
- SCALANCE XCM324 (6GK5324-8TS01-2AC2)
- SCALANCE XCM328 (6GK5328-4TS01-2AC2)
- SCALANCE XCM332 (6GK5332-0GA01-2AC2)
- SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
- SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
- SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
- SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
- SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
- SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
- SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
- SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
- SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
- SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
- SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
- SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
- SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
- SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
- SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
- SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
- SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
- SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
- SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
- SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
- SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
- SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
- SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
- SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
- SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
- SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
- SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
- SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
- SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)

Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

AI-Powered Analysis

Last updated: 07/10/2025, 20:02:35 UTC

Technical Analysis

CVE-2024-41797 is a security vulnerability identified in multiple Siemens industrial networking devices, specifically the RUGGEDCOM RST2428P and a wide range of SCALANCE series switches and routers (all versions prior to V3.1). The root cause is an improper privilege management flaw (CWE-269) that allows an authenticated remote attacker with only "guest" level access to invoke an internal "do system" command. This command exceeds the privileges normally granted to the guest role and permits execution of certain low-risk system actions, the most significant being the ability to clear the local system log. The vulnerability arises due to incorrect authorization checks that fail to properly restrict guest users from executing this command. The CVSS v3.1 base score is 4.3 (medium severity), reflecting that the attack vector is network-based (AV:N), requires low attack complexity (AC:L), but does require privileges (PR:L) and no user interaction (UI:N). The impact is limited to integrity, as confidentiality and availability are not directly affected. While the actions enabled by this command are considered low risk, clearing system logs can hinder forensic investigations and incident response, potentially allowing attackers to cover their tracks after further exploitation. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may require Siemens firmware updates or configuration changes once available. The affected devices are industrial-grade network switches and routers commonly deployed in critical infrastructure and industrial control systems (ICS).

Potential Impact

For European organizations, especially those operating critical infrastructure sectors such as energy, manufacturing, transportation, and utilities, this vulnerability poses a moderate risk. Siemens SCALANCE and RUGGEDCOM devices are widely used in industrial environments across Europe due to Siemens' strong market presence. An attacker exploiting this flaw could erase system logs, impeding detection and forensic analysis of malicious activities. Although the vulnerability does not directly enable system takeover or data exfiltration, the ability to remove audit trails can facilitate prolonged undetected intrusions or sabotage. This is particularly concerning in regulated environments subject to stringent cybersecurity and compliance requirements (e.g., NIS Directive, GDPR). The vulnerability requires authenticated guest access, which might be obtained via weak credentials, social engineering, or other attack vectors, emphasizing the importance of strong access controls. The medium severity rating reflects that while the immediate damage is limited, the indirect consequences on incident response and system integrity could be significant in high-value industrial contexts.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting or disabling guest-level access on affected Siemens devices to prevent unauthorized command execution.
2. Implement strong authentication mechanisms, including complex passwords and, where possible, multi-factor authentication for device management interfaces.
3. Monitor and audit access logs closely for any unusual guest account activity and, because local logs can be cleared, correlate them with network traffic anomalies.
4. Network segmentation should isolate industrial control devices from general IT networks and limit remote access to trusted personnel only.
5. Siemens should be engaged to obtain and apply firmware updates or patches that address this improper privilege management vulnerability as soon as they become available.
6. Where patching is delayed, consider compensating controls such as enhanced network intrusion detection systems (IDS) tuned to detect anomalous command execution patterns on these devices.
7. Regularly back up system logs and configuration data externally to prevent loss from local log clearing.
8. Conduct security awareness training for operational technology (OT) staff to recognize and respond to suspicious activities involving device management interfaces.
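Recommendations 3 and 7 combine into one check: reconcile the externally archived log with a later export of the device's local log and flag records that exist only in the archive. The sketch below is an added example, not Siemens or vendor code; the log line layout, the host name `sw1`, the user names and the 30-minute window are constructed assumptions, and it presumes the local buffer has not wrapped through normal rotation.

```python
from datetime import datetime, timedelta

# Constructed sample data. The line layout is an assumption for this example,
# not the log format of the affected Siemens devices.
COLLECTOR_ARCHIVE = """\
2025-06-10T14:00:05Z sw1 login user=ops role=admin
2025-06-10T14:10:00Z sw1 link port=3 state=down
2025-06-10T14:20:30Z sw1 login user=visitor role=guest
2025-06-10T14:21:10Z sw1 config vlan=20 changed
2025-06-10T14:40:00Z sw1 link port=3 state=up
"""
LOCAL_EXPORT = """\
2025-06-10T14:40:00Z sw1 link port=3 state=up
"""

def parse(text):
    """Turn 'timestamp host message' lines into (datetime, host, message) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, host, msg = line.split(" ", 2)
            records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, msg))
    return records

def find_cleared_log(archive, local, host, window=timedelta(minutes=30)):
    """Return details of a suspected local log clear on `host`, or None."""
    archived = [r for r in parse(archive) if r[1] == host]
    kept = {r for r in parse(local) if r[1] == host}
    oldest_kept = min((r[0] for r in kept), default=None)
    # A cleared log loses everything older than its first surviving record.
    missing = [r for r in archived if r not in kept
               and (oldest_kept is None or r[0] < oldest_kept)]
    if not missing:
        return None
    last_missing = max(r[0] for r in missing)
    end = oldest_kept or datetime.max
    # Guest logins shortly before, or inside, the interval in which the clear happened.
    guests = [r[2].split("user=")[1].split()[0] for r in archived
              if "login" in r[2] and "role=guest" in r[2]
              and last_missing - window <= r[0] <= end]
    return {"missing": len(missing), "cleared_after": last_missing,
            "cleared_before": oldest_kept, "guest_logins": guests}

if __name__ == "__main__":
    print(find_cleared_log(COLLECTOR_ARCHIVE, LOCAL_EXPORT, "sw1"))
```

A non-empty result is a lead for triage rather than proof: it bounds the interval in which the local log was truncated and lists the guest sessions worth reviewing first.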

Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2024-07-22T13:19:53.377Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68487f501b0bd07c39389a45

Added to database: 6/10/2025, 6:54:08 PM

Last enriched: 7/10/2025, 8:02:35 PM

Last updated: 8/18/2025, 5:48:48 AM
