PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-21754 Siemens CVE debrief

A use of password hash with insufficient computational effort vulnerability (CWE-916) affects FortiOS and FortiProxy versions embedded in the Siemens RUGGEDCOM APE1808 industrial platform. The vulnerability, published July 9, 2024, allows a privileged attacker with super-admin profile and CLI access to decrypt backup files due to weak password hashing. The CVSS 3.1 score of 1.8 (Low severity) reflects the high attack complexity and required privileges. This represents an upstream Fortinet vulnerability affecting Siemens' industrial networking equipment, with remediation requiring FortiOS update to version 7.4.4.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: LOW 1.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-07-09
Original CVE updated: 2026-01-14
Advisory published: 2024-07-09
Advisory updated: 2026-01-14

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 industrial networking platforms with integrated Fortinet NGFW functionality; OT security teams managing backup and recovery procedures; compliance officers responsible for encryption strength assessments in industrial environments

Technical summary

The vulnerability stems from insufficient computational effort in password hashing (CWE-916) within FortiOS versions 7.4.3 and below, 7.2.x, 7.0.x, 6.4.x, and FortiProxy versions 7.4.2 and below, 7.2.x, 7.0.x, 2.0.x. When these Fortinet components are deployed in Siemens RUGGEDCOM APE1808 industrial platforms, an attacker with super-admin privileges and CLI access can exploit weak hashing to decrypt backup files. The attack requires local access, high complexity, and high privileges, limiting practical exploitability but creating risk for sensitive configuration exposure.
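The CWE-916 pattern described above, as an added illustration that is not Fortinet's, Siemens' or PatchSiren's code: a backup-encryption key derived with a single fast hash beside the hardened PBKDF2 form, plus an assessment check of the kind an encryption-strength review would run. The minimum iteration count and salt length are assumed policy values for the example, not settings from the advisory.

```python
import hashlib
import time

# Assumed policy thresholds for this example (not a Fortinet/Siemens setting).
MIN_PBKDF2_ITERATIONS = 600_000
MIN_SALT_BYTES = 16


def weak_backup_key(password: str, salt: bytes) -> bytes:
    """CWE-916 pattern: a single SHA-256 pass over salt+password.
    Each guess at the backup password costs only one hash computation."""
    return hashlib.sha256(salt + password.encode()).digest()


def strong_backup_key(password: str, salt: bytes,
                      iterations: int = MIN_PBKDF2_ITERATIONS) -> bytes:
    """Hardened form: PBKDF2-HMAC-SHA256 with a per-backup random salt and a
    high iteration count, so each guess costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               iterations, dklen=32)


def assess_kdf(iterations: int, salt_len: int) -> dict:
    """Compliance-style check of a backup-encryption KDF configuration.
    Returns the findings a reviewer would record against the policy above."""
    findings = []
    if iterations < MIN_PBKDF2_ITERATIONS:
        findings.append(f"iteration count {iterations} is below "
                        f"{MIN_PBKDF2_ITERATIONS} (CWE-916)")
    if salt_len < MIN_SALT_BYTES:
        findings.append(f"salt length {salt_len} bytes is below {MIN_SALT_BYTES}")
    return {"compliant": not findings, "findings": findings}


def cost_ratio(password: str, salt: bytes, iterations: int = 50_000) -> float:
    """How many times more expensive one PBKDF2 derivation is than one plain
    hash; this is the factor by which password guessing is slowed down."""
    t0 = time.perf_counter()
    weak_backup_key(password, salt)
    t1 = time.perf_counter()
    strong_backup_key(password, salt, iterations)
    t2 = time.perf_counter()
    return (t2 - t1) / max(t1 - t0, 1e-9)


if __name__ == "__main__":
    # Constructed sample input: a random per-backup salt and a demo password.
    import os
    salt = os.urandom(MIN_SALT_BYTES)
    print(assess_kdf(1, 8))            # weak: two findings
    print(assess_kdf(MIN_PBKDF2_ITERATIONS, MIN_SALT_BYTES))  # compliant
    print(f"PBKDF2 costs ~{cost_ratio('backup-pw', salt):.0f}x one hash")
```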

Defensive priority

Low

Recommended defensive actions

  • Update FortiOS to version 7.4.4 on affected RUGGEDCOM APE1808 deployments; contact Siemens customer support for patch and update information
  • Restrict CLI access to super-admin profiles to authorized personnel only and monitor for anomalous backup decryption attempts
  • Review backup file access controls and encryption practices for sensitive configuration data
  • Apply defense-in-depth strategies per CISA ICS recommended practices for industrial control systems

Evidence notes

CVE published 2024-07-09 per CISA CSAF advisory ICSA-24-193-02. Siemens advisory SSA-698820 documents this as an upstream Fortinet vulnerability affecting RUGGEDCOM APE1808. CVSS vector AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N confirms local attack vector with high complexity and privileges required.
