PatchSiren cyber security CVE debrief
CVE-2024-26013 Siemens CVE debrief
CVE-2024-26013 is a CVSS 7.5 (High) improper restriction of communication channel vulnerability (CWE-923) that can let an unauthenticated attacker in a man-in-the-middle position impersonate a management device by intercepting FGFM authentication traffic. In the supplied corpus, the advisory is published by CISA in the context of Siemens RUGGEDCOM APE1808, but the vulnerability text and remediation reference Fortinet products, so the product mapping should be verified before remediation is actioned. The issue was publicly disclosed on 2025-02-11 and later republished by CISA on 2026-03-12.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-11
- Original CVE updated: 2026-03-12
- Advisory published: 2025-02-11
- Advisory updated: 2026-03-12
Who should care
OT and industrial network operators, security teams managing Siemens RUGGEDCOM APE1808 deployments, and administrators responsible for Fortinet-based management paths or FGFM-trusted device communications.
Technical summary
The issue is classified as CWE-923, improper restriction of communication channel to intended endpoints. According to the supplied advisory text, an attacker positioned between the managed device and the management device can intercept FGFM authentication requests and impersonate FortiCloud or, in some conditions, FortiManager. The supplied CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H: network reachable (AV:N) with no privileges required (PR:N), but with high attack complexity (AC:H) reflecting the man-in-the-middle position, user interaction required (UI:R), and high confidentiality, integrity, and availability impact within an unchanged scope.
Defensive priority
High. Although the attack requires man-in-the-middle positioning, the impact is management-plane impersonation with potential confidentiality, integrity, and availability consequences. Verify whether any affected versions or equivalent management channels are in use, and prioritize vendor-guided remediation and segmentation controls.
Recommended defensive actions
- Confirm the exact Siemens and any embedded Fortinet-related software versions in the environment before applying fixes.
- Follow the Siemens/CISA advisory guidance and apply vendor-recommended updates where applicable; the supplied corpus names Fortigate NGFW V7.4.7 as the fix reference.
- Restrict management-plane traffic to trusted, segmented networks and reduce exposure of FGFM or similar management channels.
- Review network paths for any devices or links that could enable interception or proxying of management authentication traffic.
- Monitor for unusual management-device impersonation, authentication anomalies, or unexpected management session behavior.
- Track the advisory revision history and any updated vendor notes for changes to scope or remediation.
Evidence notes
The source corpus includes CISA advisory ICSA-25-044-06, Siemens ProductCERT SSA-770770, the CVE record, the CWE reference for CWE-923, and the CVSS vector reference. The published date is 2025-02-11 and the modified/republication date is 2026-03-12. The corpus is internally inconsistent: the affected-product mapping names Siemens RUGGEDCOM APE1808, while the vulnerability description lists multiple Fortinet products and the remediation text references Fortigate NGFW V7.4.7. This debrief preserves that inconsistency as an evidence flag rather than resolving it with unsupported assumptions.
Official resources
- CVE-2024-26013 CVE record (CVE.org)
- CVE-2024-26013 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied advisory on 2025-02-11; republished by CISA on 2026-03-12. The supplied enrichment marks the issue as not included in CISA KEV.