VDB

CVE-2024-41977

CVE-2024-41977 PUBLISHED CVSS 7.099999904632568 HIGH

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices do not properly enforce isolation between user sessions in their web server component. This could allow an authenticated remote attacker to escalate their privileges on the devices.

EPSS 1.24% · 79.6th percentile

Risk Scores

CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
1.24%
79.6th percentile

Affected Products

VendorProductVersions
siemensscalance_mum856-1_\(b1\)_firmware0
SiemensSCALANCE M826-2 SHDSL-Router0
SiemensSCALANCE M816-1 ADSL-Router family0
siemensscalance_m874-2_firmware0
SiemensSCALANCE MUM853-1 (B1)0
SiemensRUGGEDCOM RM1224 LTE(4G) NAM0
siemensscalance_mum856-1_\(row\)_firmware0
siemensscalance_m804pb_firmware0
SiemensSCALANCE M876-30
SiemensSCALANCE M876-4 (EU)0
siemensscalance_m874-3_firmware0
siemensscalance_mum856-1_\(cn\)_firmware0
siemensscalance_m874-3_3g-router_\(cn\)_firmware0
siemensscalance_m876-4_\(eu\)_firmware0
SiemensSCALANCE MUM853-1 (A1)0
siemensscalance_m876-3_firmware0
siemensscalance_mum853-1_\(b1\)_firmware0
siemensscalance_mum853-1_\(eu\)_firmware0
SiemensSCALANCE MUM856-1 (CN)0
siemensscalance_m816-1_\(annex_b\)_firmware0

…and 31 more

Timeline

  • Aug 13, 2024 CVE Published
  • Aug 13, 2024 EPSS Score
  • Aug 13, 2024 PoC Published
  • Aug 13, 2024 CVE Updated
  • Sep 3, 2024 EPSS Score
  • Sep 24, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 14, 2024 EPSS Score
  • Nov 4, 2024 EPSS Score
  • Nov 25, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Jan 7, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›