SSA-723487
This advisory documents the impact of CVE-2024-3596 (also dubbed "Blastradius"), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to forge Access-Request packets in a way that enables them to modify the corresponding server response packet at will, e.g., turning an "Access-Reject" message into an "Access-Accept". This would cause the Network Access Server to grant the attackers access to the network with the attackers desired authorization (and without the need of knowing or guessing legitimate access credentials). Further details incl. external references can be found in the chapter "Additional Information". Siemens has released new versions for several affected products and recommends to update to the latest versions, and to configure the updated systems as recommended in the chapter "Additional Information". Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. See chapter "Additional Information" for details.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RUGGEDCOM M2100NC | ||
| RUGGEDCOM i803NC | ||
| RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) | ||
| RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) | ||
| RUGGEDCOM i801NC | ||
| RUGGEDCOM M2200 | ||
| RUGGEDCOM i801 | ||
| RUGGEDCOM i800NC | ||
| RUGGEDCOM i803 | ||
| RUGGEDCOM CROSSBOW | ||
| RUGGEDCOM i800 | ||
| RUGGEDCOM RMC8388 V4.X | ||
| RUGGEDCOM i802 | ||
| RUGGEDCOM M969 | ||
| RUGGEDCOM RMC30 | ||
| RUGGEDCOM M2100 | ||
| RUGGEDCOM M969NC | ||
| RUGGEDCOM M2200NC | ||
| RUGGEDCOM RMC30NC | ||
| RUGGEDCOM i802NC |
Exploit Intelligence
- alperenugurlu/CVE-2024-3596-Detector (github-poc)
- alperenugurlu/CVE-2024-3596-Detector (github-poc)
- https://support.industry.siemens.com/cs/ww/en/view/109976555/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109976047/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109977720/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109988839/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109982245/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109977251/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109977185/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109989952/ (circl)
…and 10 more exploits
Timeline
- Jul 9, 2024 CVE Published
- Dec 9, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/html/ssa-723487.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-723487.json advisory
- https://support.industry.siemens.com/cs/ww/en/view/109977441/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109997648/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109977720/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109988839/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109982245/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109977251/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109977185/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109989952/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109976555/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109976047/ fix