fkie_cve-2024-41797
Vulnerability from fkie_nvd
Published
2025-06-10 16:15
Modified
2025-06-12 16:06
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions \u003c V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions \u003c V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions \u003c V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions \u003c V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions \u003c V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions \u003c V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions \u003c V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions \u003c V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions \u003c V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions \u003c V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions \u003c V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions \u003c V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions \u003c V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions \u003c V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions \u003c V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions \u003c V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions \u003c V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions \u003c V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions \u003c V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions \u003c V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions \u003c V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions \u003c V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions \u003c V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions \u003c V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions \u003c V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions \u003c V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions \u003c V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions \u003c V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions \u003c V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions \u003c V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions \u003c V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions \u003c V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions \u003c V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions \u003c V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions \u003c V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions \u003c V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions \u003c V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions \u003c V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions \u003c V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions \u003c V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions \u003c V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with \"guest\" role to invoke an internal \"do system\" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en RUGGEDCOM RST2428P (6GK6242-6PA00) (Todas las versiones \u0026lt; V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (Todas las versiones \u0026lt; V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRM334 (230 V CA, 8xFO) (6GK5334-2TS01-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRM334 (230 V CA, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRM334 (24 V CC, 12xFO) (6GK5334-3TS01-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRM334 (24 V CC, 8xFO) (6GK5334-2TS01-2AR3) (Todas las versiones \u0026lt; V3.1), SCALANCE XRM334 (24 V CC, 2 x 10 G, 24 x SFP, 8 x SFP+) (6GK5334-5TS01-2AR3) (Todas las versiones anteriores a la V3.1), SCALANCE XRM334 (2 x 230 V CA, 12 x FO) (6GK5334-3TS01-4AR3) (Todas las versiones anteriores a la V3.1), SCALANCE XRM334 (2 x 230 V CA, 8 x FO) (6GK5334-2TS01-4AR3) (Todas las versiones anteriores a la V3.1), SCALANCE XRM334 (2 x 230 V CA, 2 x 10 G, 24 x SFP, 8 x SFP+) (6GK5334-5TS01-4AR3) (Todas las versiones anteriores a la V3.1). Los dispositivos afectados presentan una vulnerabilidad de comprobaci\u00f3n de autorizaci\u00f3n incorrecta. Esto podr\u00eda permitir que un atacante remoto autenticado con rol de invitado invoque un comando interno \"do system\" que excede sus privilegios. Este comando permite la ejecuci\u00f3n de ciertas acciones de bajo riesgo, la m\u00e1s cr\u00edtica de las cuales es borrar el registro del sistema local."
}
],
"id": "CVE-2024-41797",
"lastModified": "2025-06-12T16:06:39.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "productcert@siemens.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2025-06-10T16:15:34.990",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-633269.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…