Se ha identificado una vulnerabilidad en RUGGEDCOM RST2428P (6GK6242-6PA00) (Todas las versiones < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (Todas las versiones < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (Todas las versiones < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (Todas las versiones < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (Todas las versiones < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (Todas las versiones < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (Todas las versiones < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (Todas las versiones < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (Todas las versiones < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (Todas las versiones < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (Todas las versiones < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (Todas las versiones < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (Todas las versiones < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (Todas las versiones < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (Todas las versiones < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (Todas las versiones < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (Todas las versiones < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (Todas las versiones < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (Todas las versiones < V3.1), SCA

Successful exploitation of CVE-2024-41797 could allow an attacker to execute arbitrary code on the affected Siemens SCALANCE/RUGGEDCOM device. This could lead to a complete compromise of the device, enabling the attacker to intercept network traffic, modify configurations, or launch further attacks against other systems on the network. Given the industrial nature of these devices, a successful attack could disrupt critical operations and potentially cause significant financial or physical damage. The impact is amplified if these devices are used in critical infrastructure or control systems, where unauthorized access could have severe consequences. The potential for lateral movement from a compromised device to other systems within the network is a significant concern.

Organizations utilizing Siemens SCALANCE and RUGGEDCOM devices in industrial control systems, manufacturing plants, or critical infrastructure are at significant risk. Specifically, deployments relying on legacy configurations or those with limited network segmentation are particularly vulnerable. Shared hosting environments where multiple tenants share the same physical infrastructure are also at increased risk, as a compromise of one device could potentially impact others.

• linux / server:

journalctl -u rudgcomd --since "1 hour ago" | grep -i "buffer overflow"

• siemens / supply-chain:

Get-WinEvent -LogName Security -FilterXPath "/Event[System[Provider[@Name='Siemens RUGGEDCOM']]]" | Select-String -Pattern "buffer overflow"

• generic web:

curl -I <device_ip>/status | grep -i "Siemens SCALANCE"

1. 2025-06-10Disclosure

   disclosure

2. 2025-06-10Patch

   patch

1. Reservado2024-07-22
2. Publicada2025-06-10
3. EPSS actualizado2026-04-02

The primary mitigation for CVE-2024-41797 is to upgrade affected Siemens SCALANCE/RUGGEDCOM devices to version V3.1 or later. Before upgrading, it is crucial to review Siemens' release notes and compatibility documentation to ensure the upgrade does not introduce any unforeseen issues with existing configurations or connected systems. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to the affected devices, enabling strict firewall rules to limit inbound traffic, and closely monitoring device logs for any suspicious activity. While a WAF or proxy cannot directly prevent the buffer overflow, they can help mitigate the impact by filtering malicious requests. After upgrading, verify the fix by attempting to trigger the vulnerability using known exploit techniques and confirming that the device remains stable.