CVE-2024-41797
Published: Jun 10, 2025
Modified: Jun 10, 2025
CVSS v3.1
4.3
Description
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log.
| Vendor | Product | Versions |
|---|---|---|
Siemens | RUGGEDCOM RST2428P | affected 0 - < V3.1 |
Siemens | SCALANCE XC316-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XC324-4 | affected 0 - < V3.1 |
Siemens | SCALANCE XC324-4 EEC | affected 0 - < V3.1 |
Siemens | SCALANCE XC332 | affected 0 - < V3.1 |
Siemens | SCALANCE XC416-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XC424-4 | affected 0 - < V3.1 |
Siemens | SCALANCE XC432 | affected 0 - < V3.1 |
Siemens | SCALANCE XCH328 | affected 0 - < V3.1 |
Siemens | SCALANCE XCM324 | affected 0 - < V3.1 |
Siemens | SCALANCE XCM328 | affected 0 - < V3.1 |
Siemens | SCALANCE XCM332 | affected 0 - < V3.1 |
Siemens | SCALANCE XR302-32 | affected 0 - < V3.1 |
Siemens | SCALANCE XR302-32 | affected 0 - < V3.1 |
Siemens | SCALANCE XR302-32 | affected 0 - < V3.1 |
Siemens | SCALANCE XR322-12 | affected 0 - < V3.1 |
Siemens | SCALANCE XR322-12 | affected 0 - < V3.1 |
Siemens | SCALANCE XR322-12 | affected 0 - < V3.1 |
Siemens | SCALANCE XR326-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XR326-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XR326-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XR326-8 EEC | affected 0 - < V3.1 |
Siemens | SCALANCE XR502-32 | affected 0 - < V3.1 |
Siemens | SCALANCE XR502-32 | affected 0 - < V3.1 |
Siemens | SCALANCE XR502-32 | affected 0 - < V3.1 |
Siemens | SCALANCE XR522-12 | affected 0 - < V3.1 |
Siemens | SCALANCE XR522-12 | affected 0 - < V3.1 |
Siemens | SCALANCE XR522-12 | affected 0 - < V3.1 |
Siemens | SCALANCE XR526-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XR526-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XR526-8 | affected 0 - < V3.1 |
Siemens | SCALANCE XRH334 (24 V DC, 8xFO, CC) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (230 V AC, 12xFO) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (230 V AC, 8xFO) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (24 V DC, 12xFO) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (24 V DC, 8xFO) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (2x230 V AC, 12xFO) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (2x230 V AC, 8xFO) | affected 0 - < V3.1 |
Siemens | SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) | affected 0 - < V3.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now