PatchSiren cyber security CVE debrief
CVE-2024-35264 Siemens CVE debrief
CVE-2024-35264 is a high-severity remote code execution vulnerability described in CISA’s Siemens INTRALOG WMS advisory as a ".NET and Visual Studio Remote Code Execution Vulnerability." The advisory maps the issue to Siemens INTRALOG WMS and recommends updating the product to V5 or later. The published CVSS vector indicates network exposure, no privileges required, no user interaction, and high impacts to confidentiality, integrity, and availability.
- Vendor
- Siemens
- Product
- INTRALOG WMS
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2025-05-13
- Advisory published
- 2025-05-13
- Advisory updated
- 2025-05-13
Who should care
Organizations running Siemens INTRALOG WMS, especially operational technology and industrial environments that rely on vendor-supported application stacks, should prioritize this advisory. Security teams responsible for Windows-based engineering or .NET/Visual Studio-dependent deployments should also review exposure and patch planning.
Technical summary
The source corpus identifies CVE-2024-35264 as a network-reachable remote code execution issue with CVSS 3.1 vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. CISA’s CSAF advisory for Siemens INTRALOG WMS does not provide exploit details in the supplied text, but it does provide a vendor remediation: update to V5 or later. The advisory references Siemens CERT materials and CISA industrial control system guidance.
Defensive priority
High. The combination of remote attack surface, no required privileges, no user interaction, and high confidentiality/integrity/availability impact warrants prompt triage and patch planning, even though the source assigns high attack complexity.
Recommended defensive actions
- Confirm whether Siemens INTRALOG WMS is deployed in your environment and identify all affected instances.
- Review the Siemens CERT advisory referenced by CISA for product-specific guidance and remediation details.
- Plan and apply the vendor fix: update to V5 or later.
- Validate compatibility and test the upgrade path in a non-production environment before broad rollout.
- If immediate patching is not possible, apply compensating controls consistent with CISA industrial control system recommended practices.
- Document exposure, remediation status, and any operational constraints for follow-up tracking.
Evidence notes
All statements are limited to the supplied CSAF source item and its referenced official links. The source explicitly names Siemens INTRALOG WMS as the affected product, describes CVE-2024-35264 as a ".NET and Visual Studio Remote Code Execution Vulnerability," assigns CVSS 3.1 vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, and recommends updating to V5 or later. No affected version range or exploit narrative was included in the supplied corpus.
Official resources
-
CVE-2024-35264 CVE record
CVE.org
-
CVE-2024-35264 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2025-05-13 and the supplied source metadata shows the same publication and modification date. No KEV listing was indicated in the corpus.