PatchSiren cyber security CVE debrief
CVE-2024-1305 Siemens CVE debrief
CVE-2024-1305 is a critical memory corruption issue affecting Siemens SINEMA Remote Connect Client. The supplied advisory describes an overflow in the tap-windows6 driver caused by improper size checking on incoming write operations, which can trigger a bug check and may allow arbitrary code execution in kernel space. Because the CVSS vector is network-reachable, requires no privileges, and needs no user interaction, this issue should be treated as urgent wherever the affected client is deployed. Siemens’ published remediation is to update to V3.2 SP3 or later.
- Vendor
- Siemens
- Product
- SINEMA Remote Connect Client
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-11
- Original CVE updated
- 2025-03-11
- Advisory published
- 2025-03-11
- Advisory updated
- 2025-03-11
Who should care
Organizations using Siemens SINEMA Remote Connect Client, especially OT/ICS administrators, Windows endpoint teams, and asset owners responsible for remote access tooling in industrial environments.
Technical summary
The CISA CSAF advisory for ICSA-25-072-10 identifies one affected product: Siemens SINEMA Remote Connect Client. The vulnerability description states that tap-windows6 driver version 9.26 and earlier does not properly validate the size of incoming write operations. That can overflow memory buffers, causing a system bug check and potentially enabling arbitrary code execution in kernel space. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, consistent with a remotely reachable, unauthenticated, high-impact flaw. The advisory’s remediation is to update to V3.2 SP3 or later.
Defensive priority
Immediate. This is a critical, unauthenticated, network-reachable kernel-space memory corruption issue with potential code execution impact.
Recommended defensive actions
- Inventory all deployments of Siemens SINEMA Remote Connect Client and confirm whether any affected versions or bundled driver components are present.
- Apply Siemens’ remediation and update to V3.2 SP3 or later as soon as feasible.
- Treat exposed remote-access endpoints and OT-adjacent Windows systems as highest priority for validation and patching.
- If immediate patching is not possible, reduce exposure by limiting network access to the client and monitoring for crashes or unexpected kernel instability.
- Track vendor and CISA advisories for any follow-up guidance or version clarifications.
Evidence notes
All facts in this debrief come from the supplied CISA CSAF source item and its referenced Siemens advisory. The source states: vendor Siemens; product Siemens SINEMA Remote Connect Client; CVE-2024-1305; publication and modification date 2025-03-11; CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; and remediation to update to V3.2 SP3 or later. The description specifically attributes the flaw to tap-windows6 driver version 9.26 and earlier and notes possible bug check and kernel-space code execution. No KEV entry was provided in the supplied enrichment.
Official resources
-
CVE-2024-1305 CVE record
CVE.org
-
CVE-2024-1305 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the CSAF advisory for CVE-2024-1305 on 2025-03-11; the supplied source does not indicate KEV inclusion.