PatchSiren cyber security CVE debrief
CVE-2024-26006 Siemens CVE debrief
CVE-2024-26006 is a cross-site scripting (XSS) vulnerability in the web SSL VPN UI of FortiOS and FortiProxy. It affects Siemens RUGGEDCOM APE1808 devices that incorporate Fortinet NGFW technology. The vulnerability was published on July 9, 2024, carries a HIGH severity CVSS score of 7.5, and requires user interaction obtained through social engineering: the targeted user must be convinced to bookmark a malicious Samba server and subsequently open that bookmark. The attack vector is network-based with high attack complexity; no privileges are required, but user interaction is, and the impact on confidentiality, integrity, and availability is high. This is an upstream Fortinet vulnerability that reaches Siemens industrial control infrastructure through the embedded NGFW. Siemens released a fix in October 2024; FortiGate NGFW version 7.4.4 addresses the issue. CISA's advisory ICSA-24-193-02 has been updated several times since its initial publication, most recently in November 2025 to add the related vulnerability CVE-2024-26008. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking devices with SSL VPN web-mode enabled; OT security teams managing Fortinet-integrated industrial firewalls; security awareness trainers addressing social engineering vectors in industrial environments
Technical summary
Improper neutralization of input during web page generation (CWE-79) in the FortiOS and FortiProxy web SSL VPN UI allows a remote, unauthenticated attacker to carry out cross-site scripting attacks. The attack depends on social engineering: the victim must be persuaded to bookmark a malicious Samba server and then open that bookmark. Siemens RUGGEDCOM APE1808 devices with the integrated Fortinet NGFW are affected. Fixed in FortiGate NGFW 7.4.4.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: Update FortiGate NGFW to version 7.4.4; contact Siemens customer support for patch and update information
- Consider mitigation: Disable SSL-VPN web-mode if immediate patching is not feasible, per Fortinet PSIRT guidance
- Review user security awareness training to address social engineering risks associated with bookmark-based attacks
- Monitor for suspicious Samba server bookmarking activity in SSL VPN logs
- Apply defense-in-depth controls per CISA ICS recommended practices for industrial control systems
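One way to act on the log-monitoring recommendation above, as an added example that is not part of this advisory or of Fortinet's or Siemens' tooling: it parses key=value SSL VPN event lines and flags SMB bookmarks whose target is neither an allowlisted host nor an internal address. The sample lines are constructed, and the bookmark-related field names (subtype, action, bookmark_type, bookmark_host) are assumptions, not documented Fortinet log fields.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample records in the key=value style FortiOS uses for syslog.
# Field names subtype/action/bookmark_type/bookmark_host are assumptions made
# for this example; map them to the real schema of your SSL VPN event logs.
SAMPLE_LOGS = [
    'date=2024-07-10 time=09:12:01 type="event" subtype="vpn" action="bookmark-add" user="alice" remip=203.0.113.5 bookmark_type="smb" bookmark_host="fileserver.corp.example"',
    'date=2024-07-10 time=09:40:17 type="event" subtype="vpn" action="bookmark-add" user="bob" remip=203.0.113.9 bookmark_type="smb" bookmark_host="198.51.100.23"',
    'date=2024-07-10 time=10:02:44 type="event" subtype="vpn" action="bookmark-add" user="carol" remip=203.0.113.12 bookmark_type="http" bookmark_host="intranet.corp.example"',
    'date=2024-07-10 time=10:15:03 type="event" subtype="vpn" action="bookmark-add" user="dave" remip=203.0.113.20 bookmark_type="smb" bookmark_host="files.external.example"',
    'date=2024-07-10 time=10:15:30 type="event" subtype="vpn" action="bookmark-add" user="erin" remip=203.0.113.21 bookmark_type="smb" bookmark_host="10.20.30.40"',
]

# Known-good SMB targets and the address ranges treated as internal (assumed values).
ALLOWED_SMB_HOSTS = {"fileserver.corp.example"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict."""
    return {k: q or u for k, q, u in KV_RE.findall(line)}

def is_trusted_smb_target(host: str) -> bool:
    """True if the bookmark target is an allowlisted name or an internal IP address."""
    if host in ALLOWED_SMB_HOSTS:
        return True
    try:
        return any(ipaddress.ip_address(host) in net for net in INTERNAL_NETS)
    except ValueError:  # a hostname that is not allowlisted
        return False

def find_suspicious_smb_bookmarks(lines: List[str]) -> List[Dict[str, str]]:
    """Return SSL VPN bookmark-add events whose SMB target lies outside the trusted set."""
    hits = []
    for line in lines:
        rec = parse_kv(line)
        if rec.get("subtype") != "vpn" or rec.get("action") != "bookmark-add":
            continue
        if rec.get("bookmark_type", "").lower() != "smb":
            continue  # only SMB (Samba) bookmarks matter for this vulnerability
        host = rec.get("bookmark_host", "")
        if not is_trusted_smb_target(host):
            hits.append({"user": rec.get("user", "?"), "remip": rec.get("remip", "?"), "host": host})
    return hits
```

On the constructed input the function reports bob (public IP target) and dave (external hostname); a follow-up bookmark-open event by the same user would be the point at which to escalate.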
Evidence notes
CVE description and CVSS vector from CISA CSAF source ICSA-24-193-02. Vendor attribution to Siemens for RUGGEDCOM APE1808 product. Remediation timeline from revision history showing vendor fix added October 8, 2024. CVSS 7.5 severity confirmed from source data. Not in KEV per enrichment data.
Official resources
- CVE-2024-26006 CVE record (CVE.org)
- CVE-2024-26006 NVD detail (NVD)
- Source item URL: cisa_csaf