PatchSiren cyber security CVE debrief
CVE-2024-24758 nodejs CVE debrief
CVE-2024-24758 describes an information disclosure vulnerability in Undici, an HTTP/1.1 client for Node.js. While Undici properly clears Authorization headers during cross-origin redirects, it fails to clear Proxy-Authentication headers, potentially exposing proxy credentials to unintended destinations. This vulnerability affects Siemens SINEC INS, which incorporates the vulnerable Undici component. The issue was published on November 12, 2024, with patches available in Undici versions 5.28.3 and 6.6.1. Siemens has released V1.0 SP2 Update 3 to address this in their product. The CVSS 3.1 score of 3.9 (Low severity) reflects the attack complexity requirements: network access with high attack complexity, high privileges required, and user interaction needed. No known workarounds exist; patching is the only remediation. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- nodejs
- Product
- SINEC INS
- CVSS
- LOW 3.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2024-11-12
- Advisory published
- 2024-11-12
- Advisory updated
- 2024-11-12
Who should care
Organizations operating Siemens SINEC INS for industrial network management, particularly those in critical infrastructure sectors. Node.js developers using Undici as an HTTP client, especially in applications handling sensitive proxy authentication. Security teams responsible for ICS/OT environments where credential exposure could facilitate lateral movement or unauthorized network access.
Technical summary
The Undici HTTP/1.1 client for Node.js contains an information disclosure vulnerability where Proxy-Authentication headers are not cleared during cross-origin redirects, unlike Authorization headers which are properly handled. This behavior could allow proxy credentials to be transmitted to unintended third-party servers when following redirects. The vulnerability exists in the request handling logic of Undici's redirect implementation. Siemens SINEC INS, an industrial network management system, incorporates the vulnerable Undici component and is affected by this issue. The attack requires an attacker to control or influence a server that returns a cross-origin redirect response, combined with social engineering or other means to cause a user or application to initiate a request with proxy authentication credentials to that attacker-controlled server.
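The following is an added example, not Undici's or Siemens' code, that models the header hygiene a redirect-following client should apply: the flawed list reproduces the behaviour described above (only Authorization dropped on a cross-origin redirect), the fixed list also drops the proxy credential header. It assumes the wire header is Proxy-Authorization (the name RFC 7235 defines; the advisory calls it Proxy-Authentication), so both spellings are listed; all URLs and header values are constructed.

```javascript
// Header names (lower-cased) that must never follow a cross-origin redirect.
// SENSITIVE_FLAWED mirrors the vulnerable behaviour described in the debrief;
// SENSITIVE_FIXED is the hardened list. Both spellings of the proxy header
// are included because the advisory text uses "Proxy-Authentication".
const SENSITIVE_FLAWED = ['authorization'];
const SENSITIVE_FIXED = ['authorization', 'proxy-authorization', 'proxy-authentication'];

// Origin is scheme + host + port, which is what "cross-origin" means here.
function isCrossOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin !== new URL(toUrl).origin;
}

// Compute the headers that would be forwarded to the redirect target.
// `headers` is a plain object; names are compared case-insensitively.
function headersForRedirect(fromUrl, location, headers, sensitive = SENSITIVE_FIXED) {
  const target = new URL(location, fromUrl).href; // Location may be relative
  if (!isCrossOrigin(fromUrl, target)) {
    return { target, crossOrigin: false, headers: { ...headers } };
  }
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!sensitive.includes(name.toLowerCase())) kept[name] = value;
  }
  return { target, crossOrigin: true, headers: kept };
}

// Constructed sample: a request carrying both credential headers is redirected
// from an internal host to an unrelated origin.
const sampleHeaders = {
  Authorization: 'Bearer constructed-app-token',
  'Proxy-Authorization': 'Basic constructed-proxy-credential',
  Accept: 'application/json',
};
const FROM = 'https://internal.example/api';
const REDIRECT = 'https://other.example/landing';

const flawed = headersForRedirect(FROM, REDIRECT, sampleHeaders, SENSITIVE_FLAWED);
const fixed = headersForRedirect(FROM, REDIRECT, sampleHeaders, SENSITIVE_FIXED);
console.log('flawed forwards:', Object.keys(flawed.headers)); // Proxy-Authorization leaks
console.log('fixed forwards: ', Object.keys(fixed.headers));  // only Accept survives
```

A same-origin redirect (for example a relative Location) keeps every header in both modes, so the check only bites where the credential would leave the origin.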
Defensive priority
medium
Recommended defensive actions
- Upgrade Siemens SINEC INS to V1.0 SP2 Update 3 or later
- Review proxy authentication configurations in affected environments
- Monitor for unauthorized proxy access attempts
- Apply principle of least privilege for proxy credentials
- Validate Undici dependency versions in Node.js applications that integrate with SINEC INS; the fixed releases are Undici 5.28.3 and 6.6.1
Evidence notes
Vulnerability description and affected product information sourced from CISA CSAF advisory ICSA-24-319-08. Patch versions and remediation guidance confirmed through Siemens security advisory SSA-915275. CVSS vector and scoring details extracted from source metadata. Timeline dates derived from CVE record and CSAF publication metadata.
Official resources
- CVE-2024-24758 CVE record (CVE.org)
- CVE-2024-24758 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-11-12