Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41978

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M812-1 ADSL-Router family (All versions < V8.1), SCALANCE M816-1 ADSL-Router family (All versions < V8.1), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.1), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.1), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.1), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.1), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.1), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.1), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.1), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.1), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.1), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.1), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.1), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.1), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.1), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.1), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.1), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.1), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.1), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.1). Affected devices insert sensitive information about the generation of 2FA tokens into log files. This could allow an authenticated remote attacker to forge 2FA tokens of other users.

Published

2024-08-13T08:15:15.903

Last Modified

2024-08-23T18:34:36.283

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	siemens	ruggedcom_rm1224_lte\(4g\)_eu_firmware	< 8.1	Yes
Hardware	siemens	ruggedcom_rm1224_lte\(4g\)_eu	-	No
Operating System	siemens	ruggedcom_rm1224_lte\(4g\)_nam_firmware	< 8.1	Yes
Hardware	siemens	ruggedcom_rm1224_lte\(4g\)_nam	-	No
Operating System	siemens	scalance_m804pb_firmware	< 8.1	Yes
Hardware	siemens	scalance_m804pb	-	No
Operating System	siemens	scalance_m826-2_shdsl-router_firmware	< 8.1	Yes
Hardware	siemens	scalance_m826-2_shdsl-router	-	No
Operating System	siemens	scalance_m874-2_firmware	< 8.1	Yes
Hardware	siemens	scalance_m874-2	-	No
Operating System	siemens	scalance_m874-3_firmware	< 8.1	Yes
Hardware	siemens	scalance_m874-3	-	No
Operating System	siemens	scalance_m876-3_firmware	< 8.1	Yes
Hardware	siemens	scalance_m876-3	-	No
Operating System	siemens	scalance_m876-4_firmware	< 8.1	Yes
Hardware	siemens	scalance_m876-4	-	No
Operating System	siemens	scalance_m874-3_3g-router_\(cn\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m874-3_3g-router_\(cn\)	-	No
Operating System	siemens	scalance_m876-3_\(rok\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m876-3_\(rok\)	-	No
Operating System	siemens	scalance_m876-4_\(eu\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m876-4_\(eu\)	-	No
Operating System	siemens	scalance_m876-4_\(nam\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m876-4_\(nam\)	-	No
Operating System	siemens	scalance_mum853-1_\(a1\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum853-1_\(a1\)	-	No
Operating System	siemens	scalance_mum853-1_\(b1\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum853-1_\(b1\)	-	No
Operating System	siemens	scalance_mum853-1_\(eu\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum853-1_\(eu\)	-	No
Operating System	siemens	scalance_mum856-1_\(a1\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum856-1_\(a1\)	-	No
Operating System	siemens	scalance_mum856-1_\(b1\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum856-1_\(b1\)	-	No
Operating System	siemens	scalance_mum856-1_\(cn\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum856-1_\(cn\)	-	No
Operating System	siemens	scalance_mum856-1_\(eu\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum856-1_\(eu\)	-	No
Operating System	siemens	scalance_mum856-1_\(row\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_mum856-1_\(row\)	-	No
Operating System	siemens	scalance_s615_eec_lan-router_firmware	< 8.1	Yes
Hardware	siemens	scalance_s615_eec_lan-router	-	No
Operating System	siemens	scalance_s615_lan-router_firmware	< 8.1	Yes
Hardware	siemens	scalance_s615_lan-router	-	No
Operating System	siemens	scalance_m812-1_\(annex_a\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m812-1_\(annex_a\)	-	No
Operating System	siemens	scalance_m812-1_\(annex_b\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m812-1_\(annex_b\)	-	No
Operating System	siemens	scalance_m816-1_\(annex_a\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m816-1_\(annex_a\)	-	No
Operating System	siemens	scalance_m816-1_\(annex_b\)_firmware	< 8.1	Yes
Hardware	siemens	scalance_m816-1_\(annex_b\)	-	No

References

https://cert-portal.siemens.com/productcert/html/ssa-087301.html Vendor Advisory ([email protected])