PatchSiren cyber security CVE debrief
CVE-2024-23111 Siemens CVE debrief
A stored cross-site scripting (XSS) vulnerability exists in the reboot page of FortiOS and FortiProxy, and it affects Siemens RUGGEDCOM APE1808 deployments that incorporate a Fortinet NGFW component. The flaw is an improper neutralization of input during web page generation (CWE-79). A remote attacker who already holds super-admin privileges can inject JavaScript by sending crafted HTTP GET requests to the affected reboot page; the script then executes in the administrative web interface when that page is rendered. Exploitation needs both high privileges (PR:H) and user interaction (UI:R), which limits practical exploitability, but the impact is rated high across confidentiality, integrity and availability because the payload runs with administrative context.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: 6.8 (Medium)
- CISA KEV: not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking equipment; critical infrastructure operators using Fortinet NGFW components in industrial environments; security teams responsible for administrative interface protection; OT security practitioners managing FortiOS or FortiProxy deployments
Technical summary
The vulnerability is in the reboot page of FortiOS 7.4.3 and earlier 7.4 releases, all 7.2.x, 7.0.x and 6.4.x releases, and of FortiProxy 7.4.2 and earlier 7.4 releases, all 7.2.x, 7.0.x and 2.0.x releases. Input reaching the page is not neutralized, so injected JavaScript executes in the context of the administrative interface. Siemens RUGGEDCOM APE1808 ships Fortinet NGFW technology and is affected through that component. The fix is to update the FortiGate NGFW component to version 7.4.4 or later; Siemens makes the update available through customer support.
Defensive priority
medium
Recommended defensive actions
- Apply the vendor-provided update to FortiGate NGFW version 7.4.4 or later; contact Siemens customer support for the patch and the update procedure for RUGGEDCOM APE1808 deployments, and confirm the running version afterwards
- Apply least privilege to administrative accounts: restrict the super-admin profile to the few people who need it and give other operators a narrower administrative profile
- Enable multi-factor authentication for all administrative accounts so that a stolen password alone does not yield the super-admin session the exploit requires
- Monitor administrator login events and GUI access for super-admin sessions from unexpected sources or outside change windows, including access to the reboot page
- Segment management interfaces from operational networks and restrict administrative access to trusted hosts and networks (for example through per-account trusted-host settings)
- Review and apply CISA ICS recommended practices for defense-in-depth in industrial control environments
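The least-privilege, MFA and trusted-host actions above can be checked mechanically against the NGFW's administrator configuration. The following Python script is an added example, not code from PatchSiren, Siemens or Fortinet. It assumes the Fortinet NGFW component on the APE1808 exposes the standard FortiOS CLI, so that `show system admin` prints the nested config block parsed here; the sample dump, the `prof_admin` profile name and the 10.10.20.0/24 management network are constructed for illustration.

```python
"""Audit a FortiOS 'show system admin' dump against the debrief's admin-account guidance.

Added example (not PatchSiren, Siemens or Fortinet code). Assumes the Fortinet NGFW
component on the RUGGEDCOM APE1808 exposes the standard FortiOS CLI, so that
`show system admin` prints the nested config block parsed below. The sample dump,
the `prof_admin` profile and the 10.10.20.0/24 management network are constructed.
"""
import re
from ipaddress import ip_network

# Constructed sample dump: "admin" is over-privileged and unrestricted,
# "ops-admin" follows the recommended settings. FortiOS `show` omits defaults,
# so a missing trusthost means the default 0.0.0.0/0 (login from anywhere).
SAMPLE_DUMP = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "ops-admin"
        set accprofile "prof_admin"
        set vdom "root"
        set trusthost1 10.10.20.0 255.255.255.0
        set two-factor fortitoken
    next
end
"""

EDIT_RE = re.compile(r'^edit "(.+)"$')
SET_RE = re.compile(r'^set (\S+) (.+)$')


def parse_admins(dump):
    """Return {admin_name: {setting: [value, ...]}} from a `show system admin` dump."""
    admins = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            admins[current] = {}
            continue
        if line == "next":
            current = None
            continue
        m = SET_RE.match(line)
        if m and current is not None:
            key, value = m.group(1), m.group(2).strip('"')
            admins[current].setdefault(key, []).append(value)
    return admins


def audit_admins(admins, mgmt_net="10.10.20.0/24"):
    """Return (admin, finding) pairs for accounts that violate least privilege,
    trusted-host restriction or MFA. Only IPv4 trusthostN entries are checked."""
    allowed = ip_network(mgmt_net)
    findings = []
    for name, cfg in admins.items():
        if "super_admin" in cfg.get("accprofile", []):
            findings.append((name, "uses the super_admin profile"))
        hosts = [v for k, vals in cfg.items() if k.startswith("trusthost") for v in vals]
        if not hosts:
            findings.append((name, "no trusthost set: login accepted from any source"))
        for host in hosts:
            addr, mask = host.split()
            net = ip_network(f"{addr}/{mask}", strict=False)
            if net.prefixlen == 0 or not net.subnet_of(allowed):
                findings.append((name, f"trusthost {net} is outside {allowed}"))
        if cfg.get("two-factor", ["disable"]) == ["disable"]:
            findings.append((name, "two-factor authentication disabled"))
    return findings


if __name__ == "__main__":
    for admin, finding in audit_admins(parse_admins(SAMPLE_DUMP)):
        print(f"{admin}: {finding}")
```

Run it against a real `show system admin` capture by replacing `SAMPLE_DUMP`; every account that comes back with a finding is one that could hand an attacker the super-admin session this CVE needs. IPv6 trusted hosts (`ip6-trusthostN`) and profile contents beyond the `super_admin` name are deliberately out of scope.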
Evidence notes
The vulnerability description identifies a stored XSS issue in the reboot page interface. The attack vector requires an authenticated super-admin session, so the realistic threat is a compromised administrative account or an insider; an unauthenticated attacker cannot reach the flaw. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H) reflects network accessibility, low attack complexity, high privileges required, user interaction needed, unchanged scope, and high confidentiality, integrity and availability impacts. Siemens has issued guidance through SSA-698820, and CISA coordinated public disclosure via ICSA-24-193-02. The advisory has undergone nine revisions since initial publication; a November 2025 revision added CVE-2024-26008 to the tracked upstream vulnerabilities.
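Because the attack vector requires a super-admin session, the most useful telemetry for this CVE is administrator login activity on the NGFW. The following Python detection is an added example, not from PatchSiren, Siemens or Fortinet. The three log lines are constructed in the key=value style of FortiOS event logs; field names such as `profile`, `srcip`, `action` and `status` are assumptions about that format, and 10.10.20.0/24 is a placeholder for the trusted management network.

```python
"""Flag risky administrator logins in FortiOS-style event logs.

Added example (not PatchSiren, Siemens or Fortinet code). The log lines are constructed
in the key=value style of FortiOS event logs; field names such as `profile`, `srcip`,
`status` and `action` are assumptions about that format, and 10.10.20.0/24 is a
placeholder for the trusted management network.
"""
import re
from ipaddress import ip_address, ip_network

# Constructed sample: one normal login, one super_admin login from an address outside
# the management network, and one failed attempt from the same outside address.
SAMPLE_LOG = [
    'date=2024-07-15 time=08:01:12 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="ops-admin" '
    'ui="https(10.10.20.5)" method="https" srcip=10.10.20.5 dstip=10.10.20.1 '
    'action="login" status="success" profile="prof_admin" '
    'msg="Administrator ops-admin logged in successfully from https(10.10.20.5)"',
    'date=2024-07-15 time=23:47:03 logid="0100032001" type="event" subtype="system" '
    'level="information" vd="root" logdesc="Admin login successful" user="admin" '
    'ui="https(203.0.113.40)" method="https" srcip=203.0.113.40 dstip=10.10.20.1 '
    'action="login" status="success" profile="super_admin" '
    'msg="Administrator admin logged in successfully from https(203.0.113.40)"',
    'date=2024-07-15 time=23:48:51 logid="0100032002" type="event" subtype="system" '
    'level="alert" vd="root" logdesc="Admin login failed" user="admin" '
    'ui="https(203.0.113.40)" method="https" srcip=203.0.113.40 dstip=10.10.20.1 '
    'action="login" status="failed" reason="passwd_invalid" '
    'msg="Administrator admin login failed from https(203.0.113.40) because of invalid password"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')


def parse_fortios_event(line):
    """Return the key=value fields of one FortiOS-style log line as a dict."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def detect_admin_access(lines, mgmt_net="10.10.20.0/24"):
    """Return (user, srcip, reason) alerts for administrator login events that either
    use the super_admin profile or originate outside the trusted management network."""
    allowed = ip_network(mgmt_net)
    alerts = []
    for line in lines:
        ev = parse_fortios_event(line)
        if ev.get("type") != "event" or ev.get("action") != "login":
            continue
        user, src, status = ev.get("user", "?"), ev.get("srcip"), ev.get("status")
        if status == "success" and ev.get("profile") == "super_admin":
            alerts.append((user, src, "super_admin session opened; confirm against the change record"))
        if src and ip_address(src) not in allowed:
            alerts.append((user, src, f"admin login ({status}) from outside {allowed}"))
    return alerts


if __name__ == "__main__":
    for user, src, reason in detect_admin_access(SAMPLE_LOG):
        print(f"{user}@{src}: {reason}")
```

Feed it the event log export (or a syslog tail) instead of `SAMPLE_LOG`; a super-admin login that nobody can tie to a change record is the precondition for this CVE and deserves a look on its own, regardless of whether the reboot page was touched afterwards.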
Official resources
- CVE-2024-23111 CVE record (CVE.org)
- CVE-2024-23111 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-07-09