PatchSiren cyber security CVE debrief
CVE-2024-2551 Siemens CVE debrief
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables unauthenticated remote attackers to cause denial of service (DoS) by sending crafted packets through the data plane. Successful exploitation stops a core system service; repeated attempts force the firewall into maintenance mode. This vulnerability affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. The issue was disclosed on April 9, 2024, with vendor fixes available.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-04-09
- Original CVE updated
- 2025-05-13
- Advisory published
- 2024-04-09
- Advisory updated
- 2025-05-13
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly in industrial control system (ICS) environments where firewall availability is critical for operational continuity. Security teams responsible for OT/ICS network infrastructure and incident responders tracking unauthenticated remote DoS vulnerabilities in network security appliances.
Technical summary
CVE-2024-2551 is a null pointer dereference vulnerability in Palo Alto Networks PAN-OS software. The flaw exists in the data plane packet processing logic and can be triggered by unauthenticated attackers sending crafted network packets. Successful exploitation causes a core system service to stop, resulting in denial of service. Repeated exploitation attempts cause the firewall to enter maintenance mode, requiring administrative intervention to restore normal operation. The vulnerability is rated CVSS 3.1 7.5 (HIGH) with network attack vector, low attack complexity, and no privileges required.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version V11.1.2-h3 or later on affected Siemens RUGGEDCOM APE1808 devices
- Contact Siemens customer support to obtain patch and update information for affected deployments
- Monitor firewall logs for unexpected service restarts or maintenance mode entries that may indicate exploitation attempts
- Implement network segmentation to restrict access to firewall management and data plane interfaces from untrusted networks
- Apply defense-in-depth practices for industrial control systems as recommended by CISA
Evidence notes
The CISA CSAF advisory ICSA-24-102-04 documents this vulnerability as affecting Siemens RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW. The advisory was initially published on 2024-04-09 and most recently modified on 2025-05-13. The specific CVE-2024-2551 entry was added in revision 1.5 dated 2024-12-10. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates network-accessible, low-complexity, unauthenticated attacks with high availability impact.
Official resources
-
CVE-2024-2551 CVE record
CVE.org
-
CVE-2024-2551 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-04-09