PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-6789 Siemens CVE debrief

A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software allows a malicious authenticated read-write administrator to inject and store a JavaScript payload via the web interface. When another properly authenticated administrator views the compromised content, the payload executes in their browser session, enabling the attacker to perform actions that appear to originate from the victim administrator. This represents a privilege escalation and session compromise risk within administrative boundaries. The vulnerability was disclosed on April 9, 2024, with the advisory subsequently updated on May 13, 2025, to include additional upstream vulnerabilities. Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW are affected.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: MEDIUM 4.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2025-05-13
Advisory published: 2024-04-09
Advisory updated: 2025-05-13

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly those with multiple administrative users and role-based access controls. Critical infrastructure operators in industrial environments should prioritize remediation, given the potential for administrative session compromise and audit log manipulation.

Technical summary

Stored XSS in PAN-OS web interface allows authenticated read-write administrators to inject JavaScript payloads that execute in other administrators' sessions, disguising attacker actions as legitimate administrative activity. Requires high privileges and user interaction. Affects Siemens RUGGEDCOM APE1808 with Palo Alto Virtual NGFW. Fixed in V11.1.2-h3.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to version V11.1.2-h3 or later. Contact customer support to obtain patch and update information.
  • Restrict administrative access to trusted personnel and implement principle of least privilege for administrator accounts.
  • Monitor administrative sessions for anomalous activity that may indicate compromised credentials or session hijacking.
  • Apply network segmentation to limit administrative interface exposure to authorized management networks only.
  • Review and validate administrative actions through audit logs, correlating actions with authenticated user sessions.
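As an added illustration of the audit-log correlation recommended above (example code written for this debrief, not from the advisory, Siemens or PAN-OS), the Python below runs three checks over a constructed, simplified admin log: actions whose session has no matching login, privilege-sensitive changes, and machine-speed bursts of changes within one session, the kind of pattern a script running in an administrator's browser leaves where an interactive operator would not. The log format, field names and thresholds are assumptions, not PAN-OS output.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log (not real PAN-OS output). Fields:
# timestamp|event|admin|session|source_ip|detail
SAMPLE_LOG = """\
2024-04-09T10:00:00|login|alice|s1|10.0.0.5|web
2024-04-09T10:00:30|config|alice|s1|10.0.0.5|edit address-object web-srv
2024-04-09T10:05:00|login|bob|s2|10.0.0.9|web
2024-04-09T10:05:10|config|bob|s2|10.0.0.9|view shared-object
2024-04-09T10:05:10|config|bob|s2|10.0.0.9|add admin-account backup-svc
2024-04-09T10:05:10|config|bob|s2|10.0.0.9|set admin-role backup-svc superuser
2024-04-09T10:05:11|config|bob|s2|10.0.0.9|commit
2024-04-09T10:09:00|config|carol|s9|10.0.0.7|delete log-settings
"""

# Assumed heuristics: which change types are privilege-sensitive, and how many
# changes within how many seconds count as a machine-speed burst.
SENSITIVE = ("add admin-account", "set admin-role", "delete log-settings")
BURST_COUNT, BURST_WINDOW_S = 3, 2


def parse(log):
    rows = []
    for line in log.strip().splitlines():
        ts, event, admin, session, ip, detail = line.split("|", 5)
        rows.append({"ts": datetime.fromisoformat(ts), "event": event, "admin": admin,
                     "session": session, "ip": ip, "detail": detail})
    return rows


def correlate(log):
    """Return (kind, session, detail) findings for config actions in the log."""
    rows = parse(log)
    logins = {r["session"]: r for r in rows if r["event"] == "login"}
    per_session, findings = defaultdict(list), []
    for r in rows:
        if r["event"] != "config":
            continue
        per_session[r["session"]].append(r)
        login = logins.get(r["session"])
        if login is None:                      # action with no authenticated session
            findings.append(("no-login", r["session"], r["detail"]))
        elif (login["admin"], login["ip"]) != (r["admin"], r["ip"]):
            findings.append(("session-mismatch", r["session"], r["detail"]))
        if r["detail"].startswith(SENSITIVE):  # privilege-sensitive change
            findings.append(("sensitive", r["session"], r["detail"]))
    for sid, acts in per_session.items():      # burst: N actions inside the window
        times = [a["ts"] for a in acts]
        for i in range(len(times) - BURST_COUNT + 1):
            if (times[i + BURST_COUNT - 1] - times[i]).total_seconds() <= BURST_WINDOW_S:
                findings.append(("burst", sid, f"{BURST_COUNT} actions within {BURST_WINDOW_S}s"))
                break
    return findings
```

Findings are meant to be reviewed against the named administrator's own account of the session, since a payload running in that administrator's browser carries their cookies and source address.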

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-102-04, which references Siemens SSA-455250. The affected product is RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW. CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C.

Official resources

2024-04-09