PatchSiren

CVE-2024-28882 Siemens CVE debrief

CVE-2024-28882 is a medium-severity issue published by CISA on 2025-03-11 for Siemens SINEMA Remote Connect Client. The advisory text states that OpenVPN versions 2.6.0 through 2.6.10, when used in a server role, can accept multiple exit notifications from authenticated clients and extend the validity of a closing session. Siemens lists an update to V3.2 SP3 or later as the remediation.

Vendor: Siemens
Product: SINEMA Remote Connect Server
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-03-11
Original CVE updated: 2025-03-11
Advisory published: 2025-03-11
Advisory updated: 2025-03-11

Who should care

Administrators and security teams responsible for Siemens SINEMA Remote Connect Client deployments, and operators of OpenVPN server deployments running versions 2.6.0 through 2.6.10.

Technical summary

The supplied advisory describes a condition where an authenticated client can send multiple exit notifications to an OpenVPN server, causing a closing session to remain valid longer than intended. The supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) indicates a network attack vector, low attack complexity, low privileges required, no user interaction, and high integrity impact with no confidentiality or availability impact.

Defensive priority

Medium

Recommended defensive actions

  • Update Siemens SINEMA Remote Connect Client to V3.2 SP3 or later, as specified in the advisory.
  • Inventory deployments to identify any OpenVPN 2.6.0 through 2.6.10 instances operating in a server role.
  • Prioritize remediation for remotely accessible systems and environments where authenticated client access is broadly available.
  • Review session-termination and access-control monitoring around VPN services for unexpected repeated exit notifications or abnormal session closure behavior.
  • Use the CISA ICS recommended practices referenced in the advisory to reinforce segmentation, access control, and defense-in-depth around remote connectivity services.
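
The inventory step above can be scripted for standalone OpenVPN hosts. The following is an added example, not code from the advisory or from Siemens: it triages collected `openvpn --version` banners and config text against the 2.6.0 through 2.6.10 server-role condition. The host names, sample data and status labels are constructed, and treating the `server`, `server-bridge` and `mode server` directives as the server-role indicator is an assumption.

```python
import re

# Affected range from the advisory text: OpenVPN 2.6.0 through 2.6.10 in server role.
AFFECTED_MIN, AFFECTED_MAX = (2, 6, 0), (2, 6, 10)

# First line of `openvpn --version` starts with "OpenVPN <major>.<minor>.<patch>".
BANNER_RE = re.compile(r"OpenVPN (\d+)\.(\d+)\.(\d+)")
# Assumption: these directives mark a server-role config. The lookahead keeps
# client options such as "server-poll-timeout" from matching.
SERVER_RE = re.compile(r"^\s*(?:server-bridge|server|mode\s+server)(?=\s|$)", re.M)

def classify(banner, config):
    """Return a triage status for one host (labels are hypothetical)."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown-version"        # e.g. pre-release builds: review by hand
    version = tuple(int(part) for part in m.groups())
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "version-not-in-range"
    if SERVER_RE.search(config):
        return "in-range-server"        # matches the advisory condition
    return "in-range-not-server"        # upgrade anyway, lower priority

# Constructed sample inventory: host -> (version banner, config file text).
INVENTORY = {
    "vpn-gw-01": ("OpenVPN 2.6.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO]",
                  "port 1194\nproto udp\nserver 10.8.0.0 255.255.255.0\n"),
    "vpn-gw-02": ("OpenVPN 2.6.11 x86_64-pc-linux-gnu [SSL (OpenSSL)]",
                  "mode server\ntls-server\n"),
    "eng-laptop": ("OpenVPN 2.6.10 x86_64-pc-linux-gnu [SSL (OpenSSL)]",
                   "client\nremote vpn.example.com 1194\nserver-poll-timeout 4\n"),
    "legacy-gw": ("OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)]",
                  "# bridged setup\nserver-bridge\n"),
    "appliance": ("OpenVPN 2.6_rc2 x86_64-pc-linux-gnu [SSL (OpenSSL)]",
                  "server 10.9.0.0 255.255.255.0\n"),
}

def triage(inventory):
    """Map each host to its status so in-range servers can be patched first."""
    return {host: classify(banner, cfg) for host, (banner, cfg) in inventory.items()}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host:12} {status}")
```

This covers only OpenVPN instances whose banner and config can be collected; for the Siemens product itself the advisory's remediation is the update to V3.2 SP3 or later.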

Evidence notes

All core facts are taken from the supplied CISA CSAF advisory and its referenced Siemens material: the affected product is Siemens SINEMA Remote Connect Client; the vulnerability description names OpenVPN 2.6.0 through 2.6.10 in server role; remediation is V3.2 SP3 or later; published and modified dates are 2025-03-11. The supplied enrichment does not include KEV listing information.

Official resources

Publicly disclosed in CISA ICS Advisory ICSA-25-072-10 on 2025-03-11. No KEV listing is present in the supplied data.