PT-2024-8710 · Siemens · Ruggedcom Rm1224 and 11 other products

Published: 2024-11-12 · Updated: 2024-11-13 · CVE-2024-50558

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM RM1224 LTE(4G) EU versions < V8.2
RUGGEDCOM RM1224 LTE(4G) NAM versions < V8.2
SCALANCE M804PB versions < V8.2
SCALANCE M812-1 ADSL-Router versions < V8.2
SCALANCE M816-1 ADSL-Router versions < V8.2
SCALANCE M826-2 SHDSL-Router versions < V8.2
SCALANCE M874-2 versions < V8.2
SCALANCE M874-3 versions < V8.2
SCALANCE M874-3 3G-Router (CN) versions < V8.2
SCALANCE M876-3 versions < V8.2
SCALANCE M876-3 (ROK) versions < V8.2
SCALANCE M876-4 versions < V8.2
SCALANCE M876-4 (EU) versions < V8.2
SCALANCE M876-4 (NAM) versions < V8.2
SCALANCE MUM853-1 versions < V8.2
SCALANCE MUM856-1 versions < V8.2
SCALANCE S615 EEC LAN-Router versions < V8.2
SCALANCE S615 LAN-Router versions < V8.2

Description

The affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition. The vulnerability is related to incorrect access control in the SCALANCE M-800 family of industrial routers, including S615, MUM-800, and RM1224. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service.

Recommendations

For all versions < V8.2, update to version V8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected devices until a patch is available, to minimize the risk of exploitation. Avoid using the devices in sensitive environments until the issue is resolved. At the moment, there is no other information about additional mitigation measures.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-10312
CVE-2024-50558

Affected Products

Ruggedcom Rm1224
Scalance M804Pb
Scalance M812-1
Scalance M816-1
Scalance M826-2
Scalance M874-2
Scalance M874-3
Scalance M876-3
Scalance M876-4
Scalance Mum853-1
Scalance Mum856-1
Scalance S615