PatchSiren cyber security CVE debrief
CVE-2024-29119 Siemens CVE debrief
A local privilege escalation vulnerability exists in Siemens Spectrum Power 7 due to multiple root-owned SUID binaries. An authenticated attacker with local access can exploit these misconfigured binaries to escalate privileges to root. The vulnerability was disclosed on November 12, 2024, with a CVSS 3.1 score of 7.8 (HIGH). Siemens has released a vendor fix in version V24Q3 or later.
- Vendor: Siemens
- Product: Spectrum Power 7
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-12
- Original CVE updated: 2024-11-12
- Advisory published: 2024-11-12
- Advisory updated: 2024-11-12
Who should care
Organizations operating Siemens Spectrum Power 7 in the energy sector and critical infrastructure environments, ICS/SCADA security teams, system administrators responsible for power management systems, and compliance officers managing NERC CIP or equivalent industrial security frameworks.
Technical summary
The affected product, Siemens Spectrum Power 7, ships with multiple SUID (Set User ID) binaries owned by root. These binaries execute with root privileges regardless of the invoking user's identity. An authenticated attacker with local system access can exploit these misconfigured SUID binaries to execute arbitrary commands with root privileges, resulting in complete system compromise. The attack requires local access and valid credentials but does not require user interaction. The vulnerability is classified as HIGH severity (CVSS 7.8) due to the high impact on confidentiality, integrity, and availability of the affected system.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: Update Siemens Spectrum Power 7 to version V24Q3 or later as specified in the vendor security advisory.
- Restrict local access: Limit interactive login access to the system to authorized personnel only, following the principle of least privilege.
- Audit SUID binaries: Review and validate SUID/SGID binary configurations on all deployed systems to identify binaries that carry elevated privileges unnecessarily.
- Monitor for privilege escalation: Implement logging and alerting for suspicious execution of SUID binaries or unexpected privilege changes.
- Segment control networks: Isolate ICS/SCADA systems from business networks and the internet per CISA recommended practices for industrial control systems.
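One way to carry out the SUID audit step above, as an added example that is not taken from the Siemens or CISA advisories: it lists set-ID regular files and reports root-owned SUID binaries that are missing from an approved baseline or writable by non-owners. The function names and the baseline paths are assumptions chosen for illustration; the advisory does not name the affected binaries.

```python
"""Audit set-ID binaries against an approved baseline (added example)."""
import os
import stat


def scan_setid(root):
    """Return {path: (kind, uid, mode)} for regular files under root with SUID/SGID set."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):  # symlinked directories are not followed
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
            except OSError:
                continue  # removed or unreadable during the walk
            if not stat.S_ISREG(st.st_mode):
                continue
            kind = "+".join(label for bit, label in
                            ((stat.S_ISUID, "suid"), (stat.S_ISGID, "sgid"))
                            if st.st_mode & bit)
            if kind:
                found[path] = (kind, st.st_uid, stat.S_IMODE(st.st_mode))
    return found


def review(found, baseline, owner_uid=0):
    """Return sorted (path, reason) findings for SUID files owned by owner_uid."""
    findings = []
    for path, (kind, uid, mode) in found.items():
        if "suid" not in kind or uid != owner_uid:
            continue
        if path not in baseline:
            findings.append((path, "SUID binary not in approved baseline"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "SUID binary writable by group or others"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample baseline: replace with the paths approved for your
    # build after comparison with a known-good installation.
    approved = {"/usr/bin/passwd", "/usr/bin/su", "/usr/bin/sudo"}
    for path, reason in review(scan_setid("/"), approved):
        print(f"{reason}: {path}")
```

Running it before and after the update to V24Q3 or later shows which root-owned SUID binaries the fix changed, and the same output can feed the alerting described in the monitoring step.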
Evidence notes
The vulnerability description and remediation guidance are sourced from CISA ICS Advisory ICSA-24-319-09, which references Siemens Security Advisory SSA-616032. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) confirms a local attack vector with low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.
Official resources
- CVE-2024-29119 CVE record (CVE.org)
- CVE-2024-29119 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-11-12