PatchSiren cyber security CVE debrief
CVE-2023-6791 Siemens CVE debrief
A credential disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to obtain the plaintext credentials of stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP from the web interface. The vulnerability was published on 2024-04-09 and last modified on 2024-12-10. The affected product is Siemens RUGGEDCOM APE1808, as identified in CISA CSAF advisory ICSA-24-102-03. The CVSS v3.1 score is 4.9 (MEDIUM severity), with a vector indicating a network attack vector, low attack complexity, high privileges required, no user interaction, and high confidentiality impact. A vendor fix is available: upgrade to Palo Alto Networks Virtual NGFW V11.0.1 and contact Siemens customer support for patch and update information.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 4.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2024-12-10
- Advisory published: 2024-04-09
- Advisory updated: 2024-12-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks PAN-OS integrations, particularly those in industrial control system (ICS/OT) environments. Security teams responsible for firewall administration, identity management infrastructure, and OT network security should prioritize this vulnerability due to the potential for credential compromise leading to broader network access.
Technical summary
The vulnerability exists in Palo Alto Networks PAN-OS software, where an authenticated read-only administrator can retrieve plaintext credentials for external system integrations through the web interface. The affected integrations include LDAP, SCP, RADIUS, TACACS+, and SNMP. This represents an information disclosure weakness where insufficient access controls allow lower-privileged accounts to access sensitive credential material. The vulnerability is rated CVSS 4.9 (MEDIUM) with the primary risk being confidentiality breach of integration credentials, which could enable further lateral movement or privilege escalation in connected systems. The Siemens RUGGEDCOM APE1808 product is identified as affected based on CISA CSAF advisory cross-referencing.
Defensive priority
medium
Recommended defensive actions
- Apply vendor-provided patch: upgrade to Palo Alto Networks Virtual NGFW V11.0.1 and contact Siemens customer support for patch and update information.
- Review and rotate credentials for affected external system integrations (LDAP, SCP, RADIUS, TACACS+, SNMP).
- Audit administrative access to ensure least-privilege principles are enforced.
- Monitor for unauthorized credential access attempts in web interface logs.
- Follow CISA ICS recommended practices for defense-in-depth strategies.
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-102-03. Product attribution (Siemens RUGGEDCOM APE1808) derived from CSAF product tree with high confidence. CVSS vector and remediation instructions extracted from source item metadata.
Official resources
- CVE-2023-6791 CVE record (CVE.org)
- CVE-2023-6791 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09