PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-27942 Siemens CVE debrief

CVE-2024-27942 is a HIGH severity vulnerability (CVSS 7.5) in Siemens RUGGEDCOM CROSSBOW, published 2024-05-14. The vulnerability allows any unauthenticated client to disconnect any active user from the server, enabling denial of service attacks that prevent legitimate users from performing actions in the system. The attack vector is network-based with low attack complexity, requiring no privileges or user interaction. Siemens has released a vendor fix: update to version 5.5 or later. CISA published advisory ICSA-24-137-10 on the same date as the CVE publication.

Vendor: Siemens
Product: RUGGEDCOM CROSSBOW
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-14
Original CVE updated: 2024-05-14
Advisory published: 2024-05-14
Advisory updated: 2024-05-14

Who should care

Organizations operating Siemens RUGGEDCOM CROSSBOW systems in industrial control or operational technology environments should prioritize this vulnerability. System administrators, OT security teams, and network engineers responsible for critical infrastructure should apply the vendor patch and implement compensating controls. Organizations subject to NERC CIP or other industrial cybersecurity regulations should assess this vulnerability for compliance implications.

Technical summary

The vulnerability exists in the session management of affected RUGGEDCOM CROSSBOW systems. An unauthenticated attacker can send a request to the server that causes any active user session to be terminated. This is a network-accessible vulnerability with low attack complexity, requiring no authentication or user interaction. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates high availability impact with no confidentiality or integrity impact. The vulnerability is classified as a denial of service condition that prevents users from performing actions in the system.

Defensive priority

HIGH

Recommended defensive actions

  • Update Siemens RUGGEDCOM CROSSBOW to version 5.5 or later per vendor guidance
  • Review CISA ICS recommended practices for industrial control system security
  • Implement network segmentation to limit exposure of RUGGEDCOM CROSSBOW systems
  • Monitor for anomalous session termination events that may indicate exploitation attempts
  • Apply defense-in-depth strategies for industrial control environments
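As an added example that is not part of this debrief or of Siemens' product, the following Python script sketches the session-termination monitoring recommended above for the flaw described in the technical summary: it replays a constructed log excerpt (the line format, event names, session ids and client addresses are assumptions; CROSSBOW's real log format is not documented here) and flags DISCONNECT events issued by clients that never authenticated or that do not own the session they end, plus clients that issue a burst of such terminations.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format, not CROSSBOW's real one):
# timestamp, event, session id, requesting client address.
SAMPLE_LOG = """\
2024-05-14T10:00:01Z LOGIN sid=101 client=10.0.0.5 user=alice
2024-05-14T10:00:05Z LOGIN sid=102 client=10.0.0.6 user=bob
2024-05-14T10:01:00Z LOGOUT sid=101 client=10.0.0.5
2024-05-14T10:02:10Z DISCONNECT sid=102 client=192.0.2.77
2024-05-14T10:02:11Z DISCONNECT sid=103 client=192.0.2.77
2024-05-14T10:02:12Z DISCONNECT sid=104 client=192.0.2.77
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN|LOGOUT|DISCONNECT) "
    r"sid=(?P<sid>\d+) client=(?P<client>\S+)"
)


def parse_events(log_text):
    """Parse the constructed log format into dicts; non-matching lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def find_suspicious_terminations(log_text, burst_threshold=3):
    """Return (alerts, burst_clients).

    alerts: DISCONNECT events whose requesting client never logged in, or
            which end a session that a different client authenticated.
    burst_clients: clients with at least burst_threshold such alerts.
    """
    owner = {}             # sid -> client that authenticated the session
    authenticated = set()  # clients that have produced a LOGIN
    alerts, per_client = [], defaultdict(int)
    for ev in parse_events(log_text):
        if ev["event"] == "LOGIN":
            owner[ev["sid"]] = ev["client"]
            authenticated.add(ev["client"])
        elif ev["event"] == "LOGOUT":
            owner.pop(ev["sid"], None)
        elif ev["event"] == "DISCONNECT":
            unauthenticated = ev["client"] not in authenticated
            foreign = owner.get(ev["sid"]) not in (None, ev["client"])
            if unauthenticated or foreign:
                alerts.append(ev)
                per_client[ev["client"]] += 1
            owner.pop(ev["sid"], None)
    bursts = sorted(c for c, n in per_client.items() if n >= burst_threshold)
    return alerts, bursts


if __name__ == "__main__":
    for alert in find_suspicious_terminations(SAMPLE_LOG)[0]:
        print("suspicious termination:", alert)
```

Administrative clients that legitimately end other users' sessions will trip the "foreign" rule, so exclude them by address or account before alerting on it.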

Evidence notes

CVE published 2024-05-14; CISA advisory ICSA-24-137-10 published same date; Siemens SSA-916916 advisory issued; CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H confirms network-accessible, unauthenticated denial of service; vendor fix available in version 5.5 or later.
