CVE-2024-41797

 

Severity Score: 5.3 (CVSS v4)


Public Exploits: 0 (Multiple Sources)

Exploited in Wild: - (KEV)

Decision: Track (SSVC)

Descriptions

A vulnerability has been identified in the following products (all versions < V3.1):

  • RUGGEDCOM RST2428P (6GK6242-6PA00)
  • SCALANCE XC316-8 (6GK5324-8TS00-2AC2)
  • SCALANCE XC324-4 (6GK5328-4TS00-2AC2)
  • SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2)
  • SCALANCE XC332 (6GK5332-0GA00-2AC2)
  • SCALANCE XC416-8 (6GK5424-8TR00-2AC2)
  • SCALANCE XC424-4 (6GK5428-4TR00-2AC2)
  • SCALANCE XC432 (6GK5432-0GR00-2AC2)
  • SCALANCE XCH328 (6GK5328-4TS01-2EC2)
  • SCALANCE XCM324 (6GK5324-8TS01-2AC2)
  • SCALANCE XCM328 (6GK5328-4TS01-2AC2)
  • SCALANCE XCM332 (6GK5332-0GA01-2AC2)
  • SCALANCE XR302-32 (6GK5334-5TS00-2AR3)
  • SCALANCE XR302-32 (6GK5334-5TS00-3AR3)
  • SCALANCE XR302-32 (6GK5334-5TS00-4AR3)
  • SCALANCE XR322-12 (6GK5334-3TS00-2AR3)
  • SCALANCE XR322-12 (6GK5334-3TS00-3AR3)
  • SCALANCE XR322-12 (6GK5334-3TS00-4AR3)
  • SCALANCE XR326-8 (6GK5334-2TS00-2AR3)
  • SCALANCE XR326-8 (6GK5334-2TS00-3AR3)
  • SCALANCE XR326-8 (6GK5334-2TS00-4AR3)
  • SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3)
  • SCALANCE XR502-32 (6GK5534-5TR00-2AR3)
  • SCALANCE XR502-32 (6GK5534-5TR00-3AR3)
  • SCALANCE XR502-32 (6GK5534-5TR00-4AR3)
  • SCALANCE XR522-12 (6GK5534-3TR00-2AR3)
  • SCALANCE XR522-12 (6GK5534-3TR00-3AR3)
  • SCALANCE XR522-12 (6GK5534-3TR00-4AR3)
  • SCALANCE XR526-8 (6GK5534-2TR00-2AR3)
  • SCALANCE XR526-8 (6GK5534-2TR00-3AR3)
  • SCALANCE XR526-8 (6GK5534-2TR00-4AR3)
  • SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3)
  • SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3)
  • SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3)
  • SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3)
  • SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3)
  • SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3)
  • SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3)
  • SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3)
  • SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3)
  • SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3)

Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.

*Credits: N/A
CVSS Scores

CVSS v4
  • Attack Vector: Network
  • Attack Complexity: Low
  • Attack Requirements: None
  • Privileges Required: Low
  • User Interaction: None
  • Confidentiality (Vulnerable | Subsequent System): None | None
  • Integrity (Vulnerable | Subsequent System): Low | None
  • Availability (Vulnerable | Subsequent System): None | None

CVSS v3.x
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: Low
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None

* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-07-22 CVE Reserved
  • 2025-06-10 CVE Published
  • 2025-06-10 CVE Updated
  • 2025-07-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Siemens | Ruggedcom Rst2228p | *- | | Affected
Siemens | Scalance Xr552-12 | *- | | Affected
Siemens | Ruggedcom Rst2428p Firmware | *- | | Affected
Siemens | Scalance Xc316-8 Firmware | *- | | Affected
Siemens | Scalance Xc324-4 Eec Firmware | *- | | Affected
Siemens | Scalance Xc324-4 Firmware | *- | | Affected
Siemens | Scalance Xc332 Firmware | *- | | Affected
Siemens | Scalance Xc416-8 Firmware | *- | | Affected
Siemens | Scalance Xc424-4 Firmware | *- | | Affected
Siemens | Scalance Xc432 Firmware | *- | | Affected
Siemens | Scalance Xch328 Firmware | *- | | Affected
Siemens | Scalance Xcm324 Firmware | *- | | Affected
Siemens | Scalance Xcm328 Firmware | *- | | Affected
Siemens | Scalance Xcm332 Firmware | *- | | Affected
Siemens | Scalance Xr302-32 Firmware | *- | | Affected
Siemens | Scalance Xr322-12 Firmware | *- | | Affected
Siemens | Scalance Xr326-8 Eec Firmware | *- | | Affected
Siemens | Scalance Xr326-8 Firmware | *- | | Affected
Siemens | Scalance Xr502-32 Firmware | *- | | Affected
Siemens | Scalance Xr522-12 Firmware | *- | | Affected
Siemens | Scalance Xr526-8 Firmware | *- | | Affected
Siemens | Scalance Xrh334 (24 V Dc, 8xfo, Cc) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (230 V Ac, 12xfo) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (230 V Ac, 8xfo) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (230v Ac, 2x10g, 24xsfp, 8xsfp+) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (24 V Dc, 12xfo) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (24 V Dc, 8xfo) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (24v Dc, 2x10g, 24xsfp, 8xsfp+) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (2x230 V Ac, 12xfo) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (2x230 V Ac, 8xfo) Firmware | *- | | Affected
Siemens | Scalance Xrm334 (2x230v Ac, 2x10g, 24xsfp, 8xsfp+) Firmware | *- | | Affected