PatchSiren cyber security CVE debrief
CVE-2023-6916 Siemens CVE debrief
Audit records for OpenAPI requests in Siemens RUGGEDCOM APE1808LNX devices may include sensitive information, potentially enabling unauthorized access and privilege escalation. The vulnerability carries a CVSS 3.1 score of 7.2 (HIGH severity) with a vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, indicating network attack vector, low attack complexity, high privileges required, and high impacts on confidentiality, integrity, and availability. The issue was published on May 14, 2024, with CISA advisory ICSA-24-137-11. Affected products include RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0) and RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1). Siemens has issued security advisory SSA-292022 addressing this vulnerability.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-14
- Original CVE updated
- 2024-05-14
- Advisory published
- 2024-05-14
- Advisory updated
- 2024-05-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808LNX industrial networking equipment, particularly those utilizing OpenAPI functionality for system integration or management. Critical infrastructure operators, manufacturing facilities, utilities, and transportation systems relying on RUGGEDCOM devices for secure industrial communications should prioritize assessment and remediation. Security teams responsible for OT/ICS environments, network administrators managing industrial edge devices, and compliance officers overseeing NERC CIP or similar industrial security frameworks should review this advisory.
Technical summary
CVE-2023-6916 affects Siemens RUGGEDCOM APE1808LNX industrial communication devices where audit records generated for OpenAPI requests may contain sensitive information. This information disclosure weakness could be leveraged by attackers to achieve unauthorized access and privilege escalation within affected systems. The vulnerability requires high privileges to exploit but presents significant impact potential given the high confidentiality, integrity, and availability ratings. Siemens has identified mitigations including proper user access controls for OpenAPI usage and IP-based API key restrictions, with a vendor fix available in Nozomi Guardian/CMC version 23.4.1.
Defensive priority
HIGH
Recommended defensive actions
- Create dedicated OpenAPI user accounts with minimal permissions to limit exposure of sensitive audit data
- Restrict API key usage to specific allowed IP addresses to reduce attack surface
- Implement periodic regeneration of existing API keys and review sign-in activity via API keys in audit records
- Contact Siemens customer support to obtain patch information for upgrading Nozomi Guardian/CMC to version 23.4.1
- Apply vendor-provided security updates when available to remediate the information disclosure vulnerability
- Monitor audit logs for anomalous OpenAPI request patterns that may indicate attempted exploitation
Evidence notes
CVE published and modified 2024-05-14. CISA advisory ICSA-24-137-11 published same date. Siemens SSA-292022 issued for affected RUGGEDCOM APE1808LNX products. CVSS 7.2 HIGH severity with network attack vector and high privilege requirements.
Official resources
-
CVE-2023-6916 CVE record
CVE.org
-
CVE-2023-6916 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-14