PatchSiren cyber security CVE debrief
CVE-2024-26015 Siemens CVE debrief
An incorrect parsing of numbers with different radices vulnerability (CWE-1389) in Fortinet FortiProxy and FortiOS IP address validation features may allow an unauthenticated attacker to bypass IP blocklist protections via crafted requests. This vulnerability affects Siemens RUGGEDCOM APE1808, which incorporates the affected Fortinet components. The issue stems from improper handling of numeric values with different radix bases during IP address validation, potentially allowing attackers to circumvent access controls designed to block malicious IP addresses. The vulnerability was initially published on July 9, 2024, with subsequent advisory revisions through November 2025 adding related upstream vulnerabilities and clarifying fix information. Siemens has released a vendor fix requiring update of the Fortigate NGFW component to version 7.4.4, available through customer support.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- LOW 3.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2026-01-14
- Advisory published
- 2024-07-09
- Advisory updated
- 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking devices, particularly in critical infrastructure environments where IP blocklists are relied upon for access control. Security teams responsible for OT/ICS network segmentation and firewall policy enforcement should prioritize this fix to maintain integrity of IP-based blocking mechanisms.
Technical summary
The vulnerability exists in the IP address validation feature of FortiProxy (versions 7.4.3 and below, 7.2.10 and below, 7.0.17 and below) and FortiOS (versions 7.4.3 and below, 7.2.8 and below, 7.0.15 and below). Incorrect parsing of numbers with different radices (CWE-1389) allows crafted requests to bypass IP blocklist enforcement. This is an unauthenticated attack vector with CVSS 3.1 score of 3.4 (Low severity), requiring adjacent network access and high attack complexity. The vulnerability affects Siemens RUGGEDCOM APE1808, which integrates Fortinet NGFW components. Successful exploitation could allow attackers to circumvent IP-based access controls, though the scope is changed due to the chained nature of the vulnerability.
Defensive priority
medium
Recommended defensive actions
- Contact Siemens customer support to obtain patch and update information for Fortigate NGFW V7.4.4
- Apply vendor fix to update Fortigate NGFW component to version 7.4.4 on affected RUGGEDCOM APE1808 systems
- Review and validate IP blocklist configurations after patching to ensure expected enforcement behavior
- Monitor network traffic for anomalous patterns that may indicate attempted IP validation bypass
- Implement defense-in-depth controls per CISA ICS recommended practices to supplement vendor fixes
Evidence notes
CVE published 2024-07-09; CISA ICS advisory ICSA-24-193-02 published same date. Advisory revised multiple times through 2025-11-11 to add related CVEs and correct fix information. Vendor fix specified in remediation data: update Fortigate NGFW to V7.4.4.
Official resources
-
CVE-2024-26015 CVE record
CVE.org
-
CVE-2024-26015 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public