PatchSiren cyber security CVE debrief
CVE-2024-0218 Siemens CVE debrief
A Denial of Service (DoS) vulnerability exists in Nozomi Networks Guardian, affecting the RADIUS parsing functionality within the IDS module. The vulnerability stems from improper input validation in specific fields used during RADIUS packet processing. An unauthenticated attacker can exploit this flaw by sending specially crafted malformed network packets, causing the IDS module to cease updating nodes, links, and assets. Network traffic analysis is impaired until the IDS module is manually restarted. The vulnerability was published on May 14, 2024, with a CVSS 3.1 score of 7.5 (HIGH severity). The affected products are Siemens RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0) and RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1). A vendor fix is available requiring upgrade to Nozomi Guardian / CMC V23.4.1.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2024-05-14
- Advisory published: 2024-05-14
- Advisory updated: 2024-05-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808LNX industrial communication platforms with Nozomi Networks Guardian IDS functionality, particularly those in critical infrastructure sectors where continuous network traffic analysis is essential for security monitoring and operational visibility.
Technical summary
The vulnerability exists in the RADIUS parsing functionality of the Nozomi Networks Guardian IDS module. Improper input validation allows malformed network packets to cause the IDS module to stop updating critical network topology data (nodes, links, assets). The attack requires no authentication and can be executed remotely over the network. Recovery requires manual restart of the IDS module. The vulnerability affects Siemens RUGGEDCOM APE1808LNX industrial communication platforms running the affected Nozomi Guardian software.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Nozomi Guardian / CMC to version 23.4.1; contact customer support for patch and update information
- Monitor IDS module status for unexpected cessation of node, link, and asset updates
- Implement network segmentation to limit exposure of RADIUS parsing functionality to untrusted networks
- Apply defense-in-depth strategies per ICS-CERT recommended practices for industrial control systems
- Review and validate input handling in RADIUS-related network services
- Establish monitoring for malformed RADIUS packet patterns that may indicate exploitation attempts
Evidence notes
The vulnerability description indicates improper input validation in RADIUS parsing functionality as the root cause. The attack vector is network-based, requires no authentication, and results in complete loss of availability for the IDS module's core functions. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C) confirms network accessibility, low attack complexity, no privileges required, and high availability impact. The remediation specifies upgrade to V23.4.1 with customer support contact required for patch acquisition.
Official resources
- CVE-2024-0218 CVE record (CVE.org)
- CVE-2024-0218 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-05-14