PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-27903 Siemens CVE debrief

CVE-2024-27903 is a critical issue affecting Siemens SINEMA Remote Connect Client on Windows. The advisory says OpenVPN plug-ins in OpenVPN 2.6.9 and earlier could be loaded from any directory, enabling an attacker to load an arbitrary plug-in and interact with the privileged OpenVPN interactive service.

Vendor: Siemens
Product: SINEMA Remote Connect Client
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-11
Original CVE updated: 2025-03-11
Advisory published: 2025-03-11
Advisory updated: 2025-03-11

Who should care

Siemens SINEMA Remote Connect Client administrators, OT/industrial remote-access teams, and security operations staff responsible for Windows endpoints that use OpenVPN-based connectivity.

Technical summary

Per the CISA CSAF advisory for Siemens SINEMA Remote Connect Client, the affected Windows OpenVPN plug-in handling allows plug-ins to be loaded from arbitrary directories in OpenVPN 2.6.9 and earlier. That creates an avenue for attacker-controlled plug-in loading and interaction with a privileged OpenVPN interactive service. The provided CVSS score is 9.8, and its vector specifies a network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality, integrity, and availability impact. Siemens lists an update to V3.2 SP3 or later as remediation.

Defensive priority

Immediate. This is a critical, network-exploitable issue that requires no privileges and no user interaction, and a vendor fix is available.

Recommended defensive actions

  • Identify Windows systems running Siemens SINEMA Remote Connect Client and determine whether they are affected by the OpenVPN plug-in loading issue.
  • Upgrade to Siemens SINEMA Remote Connect Client V3.2 SP3 or later as recommended by the vendor.
  • Track Siemens and CISA advisories for this product and apply the vendor remediation as part of your standard OT/ICS patch validation process.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory data for ICSA-25-072-10, published 2025-03-11, which names Siemens SINEMA Remote Connect Client as the affected product and describes the OpenVPN plug-in loading issue. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The remediation field in the source data states: update to V3.2 SP3 or later. No additional exploitation details are included beyond the source corpus.

Official resources

Public advisory data was published on 2025-03-11. This debrief reflects only the supplied source corpus and official links.