PatchSiren cyber security CVE debrief
CVE-2024-2552 Palo Alto Networks CVE debrief
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. This vulnerability affects Siemens RUGGEDCOM APE1808 devices that incorporate Palo Alto Networks Virtual NGFW. The issue requires local access and high privileges, with a CVSS 3.1 score of 6.0 (MEDIUM). The vulnerability was disclosed on November 22, 2024, and the advisory has been updated multiple times through June 10, 2025, to include additional related CVEs.
- Vendor
- Palo Alto Networks
- Product
- RUGGEDCOM APE1808
- CVSS
- MEDIUM 6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-22
- Original CVE updated
- 2025-06-10
- Advisory published
- 2024-11-22
- Advisory updated
- 2025-06-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking devices with Palo Alto Networks Virtual NGFW, particularly in critical infrastructure and industrial control system environments. Security teams responsible for OT/ICS network security, firewall administrators, and compliance officers managing industrial cybersecurity programs should prioritize assessment and patching.
Technical summary
CVE-2024-2552 is a command injection vulnerability in Palo Alto Networks PAN-OS software that allows an authenticated administrator with high privileges to bypass system restrictions in the management plane and delete files on the firewall. The vulnerability has a CVSS 3.1 score of 6.0 (MEDIUM) with the vector AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H, indicating it requires local access and high privileges but has high impact on integrity and availability. This affects Siemens RUGGEDCOM APE1808 devices running Palo Alto Networks Virtual NGFW. The vulnerability was initially disclosed on November 22, 2024, and the advisory has been updated six times through June 10, 2025, to include additional related vulnerabilities. Remediation requires upgrading to Virtual NGFW version 11.1.8.
Defensive priority
medium
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version 11.1.8 or later. Contact Siemens or Palo Alto Networks customer support to obtain patch and update information for RUGGEDCOM APE1808 deployments.
- Restrict administrative access to the management plane to trusted personnel only, following principle of least privilege.
- Monitor for unauthorized file deletion activities on affected firewall systems.
- Apply network segmentation to isolate management plane interfaces from untrusted networks.
- Review and implement CISA ICS recommended practices for industrial control system security.
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-338-02, which references Siemens security advisory SSA-354569. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H) indicates local attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, with high impact to integrity and availability but no confidentiality impact.
Official resources
-
CVE-2024-2552 CVE record
CVE.org
-
CVE-2024-2552 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-22