This advisory documents the impact of CVE-2024-3596 (also dubbed “Blastradius”), a vulnerability in the RADIUS protocol, to SCALANCE, RUGGEDCOM and related products.
The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., SCALANCE or RUGGEDCOM devices) and a RADIUS server (e.g., SINEC INS), to forge Access-Request packets in a way that enables them to modify the corresponding server response packet at will, e.g., turning an “Access-Reject” message into an “Access-Accept”. This would cause the Network Access Server to grant the attackers access to the network with the attackers desired authorization (and without the need of knowing or guessing legitimate access credentials).
Further details, the impact to SCALANCE, RUGGEDCOM and related products, specific countermeasures and external references can be found in the chapter “Additional Information”.
Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.

https://cert-portal.siemens.com/productcert/html/ssa-723487.html