PatchSiren cyber security CVE debrief
CVE-2024-35279 Siemens CVE debrief
CVE-2024-35279 is a high-severity network-facing vulnerability reported in the supplied advisory corpus and first published by CISA on 2025-02-11. The source data maps the CVE to Siemens RUGGEDCOM APE1808, and later notes a 2026-03-12 CISA republication update based on Siemens ProductCERT SSA-770770. The advisory text in the corpus also contains an upstream Fortinet FortiOS CAPWAP/UDP buffer-overflow description, so the safest reading is to follow the linked Siemens/CISA remediation guidance and treat exposed fabric-service or CAPWAP access as sensitive.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-11
- Original CVE updated
- 2026-03-12
- Advisory published
- 2025-02-11
- Advisory updated
- 2026-03-12
Who should care
OT/ICS defenders, Siemens RUGGEDCOM APE1808 operators, industrial network administrators, and incident responders responsible for exposed edge or management interfaces.
Technical summary
The supplied description characterizes CVE-2024-35279 as a stack-based buffer overflow reachable by crafted UDP packets through CAPWAP control. The advisory says a remote unauthenticated attacker could potentially execute arbitrary code or commands if FortiOS stack protections are bypassed and the fabric service is exposed on the interface. In the same source corpus, the affected-product metadata points to Siemens RUGGEDCOM APE1808, while the remediation text recommends removing the fabric service or blocking CAPWAP-CONTROL access to UDP port 5246 and references an update to Fortigate NGFW V7.4.7.
Defensive priority
Immediate for any exposed deployment; otherwise high priority for validation, access restriction, and patch planning.
Recommended defensive actions
- Review whether any affected interface exposes fabric service or CAPWAP control traffic.
- Block or strictly limit CAPWAP-CONTROL access to UDP port 5246 using local-in policy where applicable.
- Remove the fabric service from interfaces that do not require it.
- Follow the linked Siemens ProductCERT SSA-770770 and CISA ICSA-25-044-06 guidance for vendor remediation details.
- Plan and apply the vendor-recommended update path referenced in the advisory corpus.
- Inventory Siemens RUGGEDCOM APE1808 deployments and confirm whether any are internet-facing or reachable from untrusted networks.
- Monitor for unusual UDP traffic to CAPWAP-related ports on exposed industrial interfaces.
Evidence notes
The source corpus is internally inconsistent: the CSAF metadata identifies Siemens RUGGEDCOM APE1808 as the affected product, but the advisory description text repeated in the same record refers to a Fortinet FortiOS CAPWAP issue. This debrief preserves both source facts without reconciling them beyond the evidence provided. Timing references are taken from the supplied CVE and advisory timeline: published 2025-02-11 and republished/updated 2026-03-12.
Official resources
-
CVE-2024-35279 CVE record
CVE.org
-
CVE-2024-35279 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in CISA CSAF ICSA-25-044-06 on 2025-02-11, with a later CISA republication update on 2026-03-12 based on Siemens ProductCERT SSA-770770.