PatchSiren cyber security CVE debrief
CVE-2023-6790 Siemens CVE debrief
A DOM-based cross-site scripting (XSS) vulnerability exists in Palo Alto Networks PAN-OS software. When an administrator opens a specially crafted link to the PAN-OS web interface, a remote attacker can execute JavaScript in the context of the administrator's authenticated browser session. Because the script runs with that session, it can issue requests to the management interface on the administrator's behalf, which makes session hijacking or manipulation of administrative actions possible. The advisory covering this issue was published in April 2024 and applies to Siemens RUGGEDCOM APE1808 deployments incorporating the vulnerable PAN-OS component.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2024-12-10
- Advisory published: 2024-04-09
- Advisory updated: 2024-12-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 systems with integrated Palo Alto Networks PAN-OS virtual NGFW, industrial control system administrators, network security teams managing firewall infrastructure, and compliance officers responsible for ICS security posture.
Technical summary
This vulnerability is a DOM-based cross-site scripting flaw in the PAN-OS web interface. In reflected or stored XSS the server embeds attacker input into the HTML it returns; in DOM-based XSS the page the server delivers is clean, and the injection happens when client-side JavaScript reads attacker-controlled data from a source such as the URL query string or fragment and writes it to a DOM sink such as innerHTML, document.write or eval without encoding it. A payload carried in the fragment (the part after #) is never sent to the server, so server-side logs and filters do not see it. The attacker crafts a URL containing the payload and induces an authenticated administrator to open it; the script then runs in that administrator's session. The CVSS 3.1 base score of 8.8 (High) corresponds to the vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required by the attacker, user interaction required, scope unchanged, and high impact to confidentiality, integrity and availability. The attacker needs no credentials on the device, but exploitation depends on social engineering: the victim must be an administrator who is logged in to the web interface when the link is opened.
Defensive priority
high
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version 11.0.1 or later per vendor guidance
- Contact Siemens customer support to obtain patch and update information for RUGGEDCOM APE1808 deployments
- Implement network segmentation to restrict administrative access to PAN-OS web interfaces
- Where a WAF or reverse proxy fronts the management interface, XSS filtering rules help only against payloads carried in the path or query string; a DOM-based payload in the URL fragment never reaches the server, so treat this as a partial control, not a substitute for the upgrade
- Enforce multi-factor authentication for all administrative accounts; note that MFA does not stop script running inside an already-authenticated session, so pair it with short session timeouts and re-authentication for sensitive actions to limit what a hijacked session can do
- Review management-interface audit logs for anomalous administrative activity, such as unexpected configuration commits, new administrator accounts, or sessions from unusual source addresses
- Apply CISA ICS recommended practices for defense-in-depth strategies in industrial control environments
Evidence notes
The source advisory (ICSA-24-102-03) identifies this as a DOM-based XSS in Palo Alto Networks PAN-OS software, with remediation guidance to upgrade to Virtual NGFW V11.0.1. The advisory was published 2024-04-09 and last modified 2024-12-10 to add related CVEs.
Official resources
- CVE-2023-6790 CVE record (CVE.org)
- CVE-2023-6790 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)