PatchSiren

CVE-2024-3387 Siemens CVE debrief

A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2025-05-13
Advisory published: 2024-04-09
Advisory updated: 2025-05-13

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly those in industrial and critical infrastructure environments where Panorama central management is used for firewall administration. Security teams responsible for certificate lifecycle management and encrypted communications in OT/ICS networks should prioritize this fix.

Technical summary

CVE-2024-3387 stems from a weak (low bit strength) device certificate implementation in Palo Alto Networks Panorama software. The insufficient cryptographic strength allows an attacker with sufficient computing resources to perform a meddler-in-the-middle (MitM) attack, capturing and potentially decrypting encrypted traffic between the Panorama management server and managed firewalls. This exposure could lead to disclosure of sensitive management information. The vulnerability affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. Remediation requires upgrading to Virtual NGFW V11.1.2-h3.

Defensive priority

medium

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to version V11.1.2-h3 per vendor guidance
  • Contact Palo Alto Networks customer support to obtain patch and update information
  • Review certificate configurations on Panorama management servers and managed firewalls
  • Monitor network traffic for anomalous patterns indicative of potential MitM activity
  • Apply defense-in-depth strategies for industrial control systems per CISA guidance
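
For the certificate review step above, an added example (not from the advisory or either vendor) that reads the RSA key size directly out of a DER-encoded X.509 certificate using only the Python standard library. The 2048-bit floor and the `sample_cert` skeletons are assumptions constructed for illustration; the advisory does not state the affected key length.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, off):
    """Decode one DER element at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        count = length & 0x7F
        length, off = int.from_bytes(buf[off:off + count], "big"), off + count
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def children(buf, start, end):  # yields the elements nested inside buf[start:end]
    while start < end:
        item = read_tlv(buf, start)
        yield item
        start = item[2]

def rsa_key_bits(cert):
    """Return the RSA modulus size in bits of a DER-encoded X.509 certificate."""
    _, start, end = read_tlv(cert, 0)                    # Certificate
    _, start, end = next(children(cert, start, end))     # tbsCertificate
    fields = list(children(cert, start, end))
    spki = fields[6] if fields[0][0] == 0xA0 else fields[5]  # v1 omits [0] version
    alg, key = children(cert, spki[1], spki[2])
    oid = read_tlv(cert, alg[1])
    if cert[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("not an RSA key")
    rsa = read_tlv(cert, key[1] + 1)                     # skip unused-bits byte
    modulus = read_tlv(cert, rsa[1])
    return int.from_bytes(cert[modulus[1]:modulus[2]], "big").bit_length()

def is_weak(cert, min_bits=2048):  # assumed floor (NIST SP 800-131A), not from the advisory
    return rsa_key_bits(cert) < min_bits

# Constructed sample input: unsigned certificate skeletons with placeholder moduli.
def tlv(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    raw = len(body).to_bytes(2, "big").lstrip(b"\0")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def sample_cert(bits):
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    rsa = tlv(0x30, tlv(0x02, modulus) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x03, b"\0" + rsa))
    empty = tlv(0x30, b"")  # stands in for signature alg, issuer, validity, subject
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + empty * 4 + spki)
    return tlv(0x30, tbs + empty + tlv(0x03, b"\0"))
```

A PEM-encoded certificate can be converted for `rsa_key_bits` with `ssl.PEM_cert_to_DER_cert` from the standard library.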

Evidence notes

The source advisory (ICSA-24-102-04) identifies this vulnerability as affecting Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. The advisory was initially published on 2024-04-09 and most recently modified on 2025-05-13. A vendor fix is available requiring upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3.
