CVE-2024-2004 curl CVE debrief

Who should care

Organizations operating Siemens SINEC NMS in industrial control system environments should apply the vendor update. Security teams reviewing curl configurations in embedded or OT products should verify protocol restriction implementations. The low practical impact limits broader concern, but defense-in-depth principles support patching.

Technical summary

The vulnerability exists in curl's protocol selection logic. When using `--proto -all,-http` to disable all protocols including HTTP, the intended behavior is to block all protocol access. However, due to a logic error in protocol removal, the default protocol set remains allowed. This means a subsequent request to an HTTP URL would still proceed despite explicit disabling. The flaw requires a specific, non-functional configuration (disabling all protocols without enabling any), which limits practical exploitability. The fix ensures proper protocol set management when all protocols are disabled.

Defensive priority

low

Recommended defensive actions

• Update Siemens SINEC NMS to V3.0 SP1 or later version to address the embedded curl vulnerability
• Review application configurations that use curl's --proto option to ensure protocol restrictions are properly implemented
• Monitor vendor security advisories for Siemens SINEC NMS for additional guidance

Evidence notes

The vulnerability description is derived from CISA ICS Advisory ICSA-24-319-04, which references Siemens Security Advisory SSA-331112. The flaw is specific to curl's protocol selection parameter handling and does not represent a protocol implementation vulnerability. The affected product is Siemens SINEC NMS, which incorporates the vulnerable curl component.

Official resources