PatchSiren cyber security CVE debrief
CVE-2024-32122 Siemens CVE debrief
CVE-2024-32122 is a low-severity credential exposure issue described in the supplied advisory corpus. The vulnerable behavior allows a privileged authenticated attacker to change the LDAP server IP address in device configuration and point it at an attacker-controlled server, potentially causing LDAP credentials to be disclosed. The source corpus associates the issue with Siemens RUGGEDCOM APE1808, while the vulnerability description text itself refers to FortiOS; this debrief preserves both source details and flags that inconsistency.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- LOW 2.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2026-02-12
- Advisory published
- 2025-05-13
- Advisory updated
- 2026-02-12
Who should care
OT/ICS operators, network and security administrators, and asset owners responsible for Siemens RUGGEDCOM APE1808 deployments or any environment where privileged users can manage LDAP-related configuration. Teams that rely on LDAP-backed authentication should pay particular attention.
Technical summary
The source description indicates an insufficiently protected credentials condition. A privileged authenticated attacker with the ability to modify configuration can change the LDAP server IP address to a malicious host and capture LDAP credentials when the device connects. The provided CVSS vector (AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N) matches a limited confidentiality impact with no integrity or availability impact in the corpus.
Defensive priority
Low overall severity, but do not ignore it in environments that use LDAP or delegate privileged admin access. Plan remediation in the next maintenance cycle, or sooner if privileged configuration access is broadly available or if LDAP credentials would expose additional systems.
Recommended defensive actions
- Apply the vendor remediation cited in the advisory corpus: update to Fortigate NGFW V7.4.9 or later using the secure update recommendation procedure, and contact customer support for detailed guidance.
- Review which administrators can modify LDAP-related configuration and restrict that access to the smallest practical set of trusted personnel.
- Audit device and management-plane activity for unauthorized or unexpected LDAP server IP changes.
- Treat any exposed LDAP credentials as potentially compromised and rotate them according to your internal incident-response and credential-management process.
- Use the CISA ICS recommended practices and defense-in-depth guidance linked in the advisory for broader segmentation, access control, and monitoring hardening.
Evidence notes
The primary source is CISA CSAF ICSA-25-135-01, published 2025-05-13 and republished/updated through 2026-02-12. The advisory metadata lists Siemens RUGGEDCOM APE1808 as the affected product, but the vulnerability description in the supplied corpus says FortiOS and the remediation text references Fortigate NGFW V7.4.9 or later. This debrief follows the supplied source corpus and preserves that product-text mismatch rather than resolving it with outside assumptions.
Official resources
-
CVE-2024-32122 CVE record
CVE.org
-
CVE-2024-32122 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF ICSA-25-135-01 on 2025-05-13; latest source update/republication in the supplied corpus is 2026-02-12.