PatchSiren cyber security CVE debrief

CVE-2023-24936 Siemens CVE debrief

CVE-2023-24936 is a high-severity elevation of privilege vulnerability affecting .NET, .NET Framework, and Visual Studio. The vulnerability was published on June 11, 2024, with a CVSS 3.1 score of 7.5 (HIGH). Siemens ST7 ScadaConnect (6NH7997-5DA10-0AA0) is identified as an affected product in this advisory. Exploitation is possible over the network and requires no privileges, but it has high attack complexity and requires user interaction. Successful exploitation could result in high impact to confidentiality, integrity, and availability. Siemens has released a vendor fix and recommends updating to version 1.1 or later.

Vendor: Siemens
Product: ST7 ScadaConnect (6NH7997-5DA10-0AA0)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2024-06-11
Advisory published: 2024-06-11
Advisory updated: 2024-06-11

Who should care

Organizations operating Siemens ST7 ScadaConnect systems in OT/ICS environments, security teams responsible for .NET and Visual Studio deployments, and infrastructure administrators managing industrial control systems should prioritize this vulnerability for remediation.

Technical summary

CVE-2023-24936 is an elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio with a CVSS 3.1 score of 7.5 (HIGH). The vulnerability affects Siemens ST7 ScadaConnect (6NH7997-5DA10-0AA0). The attack vector is network-based with high attack complexity, and exploitation requires user interaction. Successful exploitation results in high impact to confidentiality, integrity, and availability. Siemens has released version 1.1 as the remediation. The vulnerability was disclosed on June 11, 2024 via CISA advisory ICSA-24-165-04 and Siemens security advisory SSA-341067.

Defensive priority

HIGH

Recommended defensive actions

  • Apply the vendor-provided update to version 1.1 or later for Siemens ST7 ScadaConnect (6NH7997-5DA10-0AA0)
  • Review and implement CISA ICS recommended practices for defense-in-depth strategies
  • Monitor for additional vendor guidance from Siemens ProductCERT
  • Assess environment for other .NET/.NET Framework/Visual Studio components that may require patching
  • Implement network segmentation for OT/ICS environments per CISA guidance

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-165-04, which references Siemens security advisory SSA-341067. The affected product is ST7 ScadaConnect (6NH7997-5DA10-0AA0). The CVSS vector indicates a network attack vector, high attack complexity, user interaction required, and high impact to confidentiality, integrity, and availability.

Official resources

This vulnerability was disclosed through coordinated disclosure. CISA published advisory ICSA-24-165-04 on June 11, 2024, referencing Siemens security advisory SSA-341067. The vulnerability affects industrial control system components and OT