PT-2024-7409 · Siemens · Scalance M812-1 Adsl-Router+13

Published: 2024-08-13 · Updated: 2024-08-23 · CVE-2024-41976

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
RUGGEDCOM RM1224 LTE(4G) EU versions prior to V8.1
RUGGEDCOM RM1224 LTE(4G) NAM versions prior to V8.1
SCALANCE M804PB versions prior to V8.1
SCALANCE M812-1 ADSL-Router family versions prior to V8.1
SCALANCE M816-1 ADSL-Router family versions prior to V8.1
SCALANCE M826-2 SHDSL-Router versions prior to V8.1
SCALANCE M874-2 versions prior to V8.1
SCALANCE M874-3 versions prior to V8.1
SCALANCE M874-3 3G-Router (CN) versions prior to V8.1
SCALANCE M876-3 versions prior to V8.1
SCALANCE M876-3 (ROK) versions prior to V8.1
SCALANCE M876-4 versions prior to V8.1
SCALANCE M876-4 (EU) versions prior to V8.1
SCALANCE M876-4 (NAM) versions prior to V8.1
SCALANCE MUM853-1 (A1) versions prior to V8.1
SCALANCE MUM853-1 (B1) versions prior to V8.1
SCALANCE MUM853-1 (EU) versions prior to V8.1
SCALANCE MUM856-1 (A1) versions prior to V8.1
SCALANCE MUM856-1 (B1) versions prior to V8.1
SCALANCE MUM856-1 (CN) versions prior to V8.1
SCALANCE MUM856-1 (EU) versions prior to V8.1
SCALANCE MUM856-1 (RoW) versions prior to V8.1
SCALANCE S615 EEC LAN-Router versions prior to V8.1
SCALANCE S615 LAN-Router versions prior to V8.1
Description: The issue is related to improper input validation in specific VPN configuration fields, which could allow an authenticated remote attacker to execute arbitrary code on the device. This is a critical cybersecurity issue that affects various SCALANCE and RUGGEDCOM devices.
Recommendations: For all versions prior to V8.1, upgrade to version V8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the VPN configuration fields to minimize the risk of exploitation. Avoid using the vulnerable devices for critical operations until the issue is resolved. Note: The provided information does not include specific mitigation measures for each affected version, so a general recommendation to upgrade to a fixed version is provided.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-08783
CVE-2024-41976

Affected Products

Ruggedcom Rm1224 Lte(4G) Eu
Ruggedcom Rm1224 Lte(4G) Nam
Scalance M804Pb
Scalance M812-1 Adsl-Router
Scalance M816-1 Adsl-Router
Scalance M826-2 Shdsl-Router
Scalance M874-2
Scalance M874-3
Scalance M874-3 3G-Router
Scalance M876-3
Scalance M876-4
Scalance Mum853-1
Scalance Mum856-1
Scalance S615 Eec Lan-Router