PatchSiren cyber security CVE debrief
CVE-2024-21892 NodeJS CVE debrief
CVE-2024-21892 is a high-severity local privilege escalation vulnerability affecting Node.js, as used in Siemens SINEC INS. The flaw stems from a bug in the implementation of the CAP_NET_BIND_SERVICE capability exception, which could allow a local authenticated attacker to inject code that inherits the process's elevated privileges. The vulnerability was published on November 12, 2024, via CISA's ICS advisory ICSA-24-319-08, which references Siemens' security advisory SSA-915275. Siemens has released a vendor fix: users should update to SINEC INS V1.0 SP2 Update 3 or later. The CVSS 3.1 score of 7.8 reflects high impacts to confidentiality, integrity, and availability, with a local attack vector and low attack complexity. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: NodeJS
- Product: SINEC INS
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-12
- Original CVE updated: 2024-11-12
- Advisory published: 2024-11-12
- Advisory updated: 2024-11-12
Who should care
Organizations operating Siemens SINEC INS in industrial environments, OT security teams managing Node.js-based applications, and system administrators responsible for privilege management on ICS/SCADA infrastructure.
Technical summary
A bug in Node.js's implementation of the CAP_NET_BIND_SERVICE capability exception allows local authenticated attackers to inject code that inherits elevated process privileges. This vulnerability affects Siemens SINEC INS, which embeds the vulnerable Node.js component. The flaw requires local access and low attack complexity, with high impacts to system confidentiality, integrity, and availability.
Defensive priority
HIGH
Recommended defensive actions
- Update Siemens SINEC INS to V1.0 SP2 Update 3 or later version per vendor guidance
- Review and restrict local access to systems running affected SINEC INS installations
- Apply defense-in-depth practices for industrial control systems as recommended by CISA
- Monitor for anomalous privilege escalation attempts on affected systems
- Consult Siemens security advisory SSA-915275 for additional technical details
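One practical check that supports the "restrict local access" and "monitor" items above is to inventory which Node.js binaries on a host carry file capabilities at all, since the flaw concerns Node.js running under the CAP_NET_BIND_SERVICE capability exception. The script below is an added example, not part of the CISA advisory or Siemens' guidance; it parses the output of getcap (both the newer `path cap=ep` form and the older `path = cap+ep` form) and prints every Node.js binary granted cap_net_bind_service. The sample getcap lines, including the /opt/sinec path, are constructed for the demonstration and are not paths from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): list Node.js binaries that carry
# cap_net_bind_service as a file capability, the configuration the
# CVE-2024-21892 description concerns.
#
# find_capable_node reads `getcap -r` style output on stdin and prints one
# line per Node.js binary that has cap_net_bind_service. Both getcap output
# styles are handled:
#   /usr/bin/node cap_net_bind_service=ep      (newer libcap)
#   /usr/bin/node = cap_net_bind_service+ep    (older libcap)
find_capable_node() {
    awk '
        /cap_net_bind_service/ {
            path = $1
            base = path
            sub(/.*\//, "", base)          # keep only the file name
            # match "node", "nodejs", "node18" and similar names;
            # widen or tighten this pattern for your own naming scheme
            if (base ~ /^node/) print path
        }'
}

# scan_host runs getcap over the whole filesystem and filters the result.
# Requires the libcap tools (getcap); unreadable paths are silently skipped.
scan_host() {
    getcap -r / 2>/dev/null | find_capable_node
}

# Constructed sample of getcap output so the filter can be exercised
# offline, without root and without libcap installed. Paths are made up.
SAMPLE='/usr/bin/ping cap_net_raw=ep
/opt/sinec/node/bin/node cap_net_bind_service=ep
/usr/local/bin/nodejs = cap_net_bind_service+ep
/usr/bin/python3 cap_net_bind_service=ep'

# demo runs the filter over the constructed sample; the two Node.js
# entries are printed, ping and python3 are not.
demo() {
    printf '%s\n' "$SAMPLE" | find_capable_node
}

if [ "${1:-}" = "--scan" ]; then
    scan_host   # real inventory of this host
else
    demo        # offline demonstration on the sample
fi
```

Run it with `--scan` as root on a host to get the real list; any Node.js binary that appears is one where the patched Node.js version matters most, and is a candidate for tighter local-access controls until the SINEC INS update is applied.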
Evidence notes
Vulnerability description and remediation guidance sourced from CISA ICS advisory ICSA-24-319-08, which references Siemens security advisory SSA-915275. CVSS vector and affected product information confirmed through CSAF product tree data.
Official resources
- CVE-2024-21892 CVE record (CVE.org)
- CVE-2024-21892 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference: Reference
2024-11-12