PatchSiren cyber security CVE debrief
CVE-2024-0008 Siemens CVE debrief
Web sessions in the management interface of Palo Alto Networks PAN-OS software fail to expire under certain conditions, creating a window for unauthorized access if an attacker obtains or intercepts a valid session token. The vulnerability carries a CVSS 3.1 score of 7.8 (HIGH) with a local attack vector and user interaction required, but successful exploitation yields high impact across confidentiality, integrity, and availability. Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW are affected. CISA published this advisory on April 9, 2024, with the most recent update on May 13, 2025, adding CVE-2025-0127 to the cumulative list of upstream vulnerabilities tracked in this advisory. A vendor fix is available: upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2025-05-13
- Advisory published: 2024-04-09
- Advisory updated: 2025-05-13
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW, particularly in industrial control system (ICS) and operational technology (OT) environments. Security teams responsible for firewall management plane security, OT security architects, and compliance officers tracking CISA ICS advisories should prioritize this vulnerability due to the high impact potential and the critical role of management interface integrity in network security infrastructure.
Technical summary
The vulnerability exists in the management interface session handling of Palo Alto Networks PAN-OS software. Under specific conditions, web sessions do not expire as expected, allowing a session token to remain valid beyond its intended lifetime. This failure in session lifecycle management creates an opportunity for unauthorized access if an attacker obtains a session token through means such as physical access to an unlocked management workstation, browser cache extraction, or network interception in compromised environments. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack vector with user interaction required, but high impact potential. The advisory applies to Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. The fix requires upgrading to Virtual NGFW V11.1.2-h3.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade affected Palo Alto Networks Virtual NGFW deployments to version V11.1.2-h3 or later. Contact Palo Alto Networks customer support to obtain the patch and detailed update instructions.
- Review and enforce session timeout policies in PAN-OS management interface configurations to complement the vendor fix.
- Monitor management interface access logs for anomalous session activity or unauthorized access attempts.
- Apply network segmentation to restrict management interface access to authorized administrative hosts only.
- For Siemens RUGGEDCOM APE1808 deployments, verify NGFW version and coordinate with Siemens support per advisory guidance.
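As an added illustration of the session-timeout review and log-monitoring actions above (this is not code from the advisory, Siemens, or Palo Alto Networks), the following Python script flags management-interface sessions that are still being accepted past an idle timeout or absolute lifetime, which is the failure mode this CVE describes. The log format, session IDs, user names, and timeout values are constructed assumptions; PAN-OS's real log fields would have to be mapped onto parse_line().

```python
from datetime import datetime, timedelta

# Constructed sample of management-interface access events (timestamp, event,
# session id, user). NOT PAN-OS's own log format: adapt parse_line() to yours.
SAMPLE_LOG = """\
2024-04-09T08:00:00 login   sess=a1b2 user=admin
2024-04-09T08:10:00 request sess=a1b2 user=admin
2024-04-09T09:30:00 request sess=a1b2 user=admin
2024-04-09T08:05:00 login   sess=c3d4 user=ops
2024-04-09T08:20:00 request sess=c3d4 user=ops
2024-04-09T08:25:00 logout  sess=c3d4 user=ops
2024-04-09T00:00:00 login   sess=g7h8 user=admin
2024-04-09T08:30:00 request sess=g7h8 user=admin
2024-04-09T10:00:00 request sess=z9z9 user=admin
"""

IDLE_TIMEOUT = timedelta(minutes=60)  # assumed policy values, not from the advisory
MAX_LIFETIME = timedelta(hours=8)

def parse_line(line):
    """Parse one constructed log line into (timestamp, event, session, user)."""
    ts, event, sess, user = line.split()
    return datetime.fromisoformat(ts), event, sess[5:], user[5:]

def find_stale_sessions(log_text, idle_timeout=IDLE_TIMEOUT, max_lifetime=MAX_LIFETIME):
    """Return {session_id: reason} for each session still accepted after the
    point at which policy says it should have expired."""
    started, last_used, findings = {}, {}, {}
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])  # collected logs are rarely in order
    for ts, event, sess, _user in events:
        if event == "login":
            started[sess] = last_used[sess] = ts
            continue
        if sess not in started:
            findings[sess] = "no_login_observed"  # token accepted without a login in window
            continue
        if ts - started[sess] > max_lifetime:
            findings[sess] = "max_lifetime_exceeded"
        elif ts - last_used[sess] > idle_timeout:
            findings[sess] = "idle_timeout_exceeded"
        last_used[sess] = ts
        if event == "logout":
            del started[sess], last_used[sess]
    return findings

if __name__ == "__main__":
    for sess, reason in sorted(find_stale_sessions(SAMPLE_LOG).items()):
        print(f"session {sess}: {reason}")
```

Sessions that log out cleanly within policy (c3d4 in the sample) produce no finding; the three flagged sessions are the cases a patched device should never accept.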
Evidence notes
Source: CISA CSAF advisory ICSA-24-102-04. CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C. Remediation guidance specifies upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3 with contact to customer support for patch details. Advisory revision history shows ongoing tracking of upstream PAN-OS vulnerabilities through May 2025.
Official resources
- CVE-2024-0008 CVE record (CVE.org)
- CVE-2024-0008 NVD detail (NVD)
- Source item URL: cisa_csaf