CVE-2024-30105 Siemens CVE debrief

Who should care

Operators and maintainers of Siemens INTRALOG WMS, OT/ICS security teams, plant IT administrators, and system integrators responsible for availability of warehouse or logistics control systems.

Technical summary

The supplied source corpus identifies a denial-of-service condition affecting Siemens INTRALOG WMS and labels it as a .NET and Visual Studio vulnerability. The advisory does not provide deeper root-cause detail in the supplied data, but it does rate the issue as network-exploitable, requiring no privileges or user interaction, and affecting availability only. Siemens’ remediation guidance is to update affected systems to V5 or later.

Defensive priority

High. The issue is remotely reachable, requires no authentication or user interaction, and is rated with high availability impact. For OT/ICS environments, even a DoS condition can materially affect operations, so remediation should be prioritized.

Recommended defensive actions

• Inventory Siemens INTRALOG WMS deployments and confirm the installed version.
• Apply Siemens’ remediation and update to V5 or later as soon as operationally feasible.
• Validate any compensating controls and test the upgrade in a maintenance window before production rollout.
• Restrict exposure of industrial systems to untrusted networks and follow CISA ICS recommended practices.
• Monitor Siemens CERT and CISA advisory channels for any follow-up guidance or revisions.

Evidence notes

Source corpus points to CISA CSAF advisory ICSA-25-135-02 and Siemens CERT references for CVE-2024-30105. The advisory metadata lists Siemens as vendor, INTRALOG WMS as the affected product, and the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The supplied corpus also states the remediation as updating to V5 or later. No KEV listing is present in the provided data.

Official resources