PatchSiren cyber security CVE debrief
CVE-2024-26010 Siemens CVE debrief
CVE-2024-26010 is a stack-based buffer overflow vulnerability affecting multiple Fortinet products, including FortiOS, FortiProxy, FortiPAM, FortiWeb, FortiAuthenticator, and FortiSwitchManager. The vulnerability was published on July 9, 2024, and carries a HIGH severity CVSS score of 7.5. Siemens RUGGEDCOM APE1808, an industrial edge computing platform that incorporates Fortinet NGFW technology, is affected as a downstream product. The vulnerability allows an attacker to execute unauthorized code or commands via specially crafted network packets. Siemens has issued remediation guidance that includes both configuration mitigations and a vendor fix, which requires updating to FortiGate NGFW version 7.4.4; customers are directed to contact Siemens support for patch and update information.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial edge computing platforms in critical infrastructure environments, including energy, transportation, and manufacturing sectors. Security teams responsible for OT/ICS network security, Fortinet appliance administrators, and compliance officers managing industrial cybersecurity frameworks should prioritize assessment and remediation.
Technical summary
A stack-based buffer overflow vulnerability exists in Fortinet FortiOS, FortiProxy, FortiPAM, FortiWeb, FortiAuthenticator, and FortiSwitchManager. The vulnerability can be triggered by specially crafted network packets, potentially allowing an attacker to execute arbitrary code or commands. Siemens RUGGEDCOM APE1808 incorporates affected Fortinet NGFW components and is therefore vulnerable. The CVSS 3.1 vector indicates network attack vector with high attack complexity, no privileges required, user interaction required, and high impact to confidentiality, integrity, and availability.
Defensive priority
HIGH
Recommended defensive actions
- Contact Siemens customer support to obtain and apply the FortiGate NGFW V7.4.4 patch for RUGGEDCOM APE1808 systems
- For each interface on affected systems, remove fgfm access as an interim mitigation measure per Fortinet PSIRT guidance
- Review and apply CISA ICS recommended practices for defense-in-depth strategies in industrial control system environments
- Monitor Siemens CERT portal and CISA ICS advisories for updates to this advisory and related upstream vulnerabilities
- Assess network segmentation and access controls to limit exposure of affected systems to untrusted networks
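To verify the interim fgfm mitigation across a fleet, a configuration backup can be audited offline. The following is an added example, not code from the advisory, Siemens, or Fortinet; it assumes the backup uses the FortiOS-style `config system interface` / `set allowaccess` layout, and the function name and sample configuration are constructed for illustration.

```python
import shlex

# Constructed sample in FortiOS backup style (assumed layout, not from the advisory).
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set allowaccess ping https ssh fgfm
    next
    edit "port2"
        set allowaccess ping
        config ipv6
            set ip6-allowaccess ping fgfm
        end
    next
    edit "port3"
        set allowaccess ping https
    next
end
config system admin
    edit "admin"
        set comments "fgfm"
    next
end
'''

def interfaces_with_fgfm(config_text):
    """Return {interface: [settings]} for interfaces that still allow fgfm."""
    findings, depth, iface_depth, current = {}, 0, None, None
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:          # unbalanced quotes, e.g. multi-line values
            continue
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if iface_depth is None and tokens[1:] == ["system", "interface"]:
                iface_depth = depth  # may be nested under a global/vdom block
        elif tokens[0] == "end":
            if depth == iface_depth:
                iface_depth, current = None, None
            depth = max(depth - 1, 0)
        elif depth == iface_depth and tokens[0] in ("edit", "next"):
            current = tokens[1] if tokens[0] == "edit" and len(tokens) > 1 else None
        elif (current and tokens[0] == "set" and len(tokens) > 2
              and tokens[1].endswith("allowaccess") and "fgfm" in tokens[2:]):
            findings.setdefault(current, []).append(tokens[1])
    return findings
```

An empty result for a device's backup indicates that no interface still lists fgfm in an access setting; any interface returned needs the mitigation applied.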
Evidence notes
The vulnerability description and affected product versions are sourced from the CISA CSAF advisory ICSA-24-193-02. Siemens is identified as the vendor for RUGGEDCOM APE1808 based on CSAF product tree data with high confidence. Remediation details including the specific vendor fix version (V7.4.4) and mitigation instructions are drawn from the remediations section of the source advisory.
Official resources
- CVE-2024-26010 CVE record (CVE.org)
- CVE-2024-26010 NVD detail (NVD)
- Source item URL (cisa_csaf)
This vulnerability was disclosed through coordinated disclosure. CISA published advisory ICSA-24-193-02 on July 9, 2024, with subsequent revisions through November 2025 adding related upstream vulnerabilities and clarifying fix information.