PatchSiren cyber security CVE debrief
CVE-2024-36140 Siemens CVE debrief
A stored cross-site scripting (XSS) vulnerability exists in the user accounts tab of the Siemens OZW672 and OZW772 Web Server devices. An authenticated remote attacker with low privileges can store arbitrary JavaScript in account data; the script executes in the browser of any other authenticated user who later views the tab, potentially one with higher privileges such as an administrator. The CVE was published on November 12, 2024 and revised on May 6, 2025 to correct typos. Siemens fixed the issue in firmware V5.2; affected devices should be updated to V5.2 or later. The CVSS 3.1 base score of 6.8 (Medium) reflects a network attack vector, low attack complexity, low privileges required, user interaction required and high integrity impact; as is usual for XSS, the scope is changed because the injected code runs in the victim's browser rather than on the device itself.
- Vendor: Siemens
- Product: OZW672, OZW772 (Web Server)
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-12
- Original CVE updated: 2025-05-06
- Advisory published: 2024-11-12
- Advisory updated: 2025-05-06
Who should care
Organizations operating Siemens OZW672 or OZW772 Web Server devices for building automation or HVAC control systems; industrial control system administrators responsible for web-based device management; security teams monitoring for authenticated attack chains in OT environments.
Technical summary
The user accounts management tab in Siemens OZW672 and OZW772 Web Server devices does not neutralise user-supplied content before rendering it, so an authenticated attacker holding only a low-privilege account can persist JavaScript in account fields. Because the payload is stored on the device rather than reflected from a crafted link, it fires every time any other authenticated user opens the tab, without the attacker needing to lure that user anywhere. If the viewer is an administrator, the script runs in the administrator's browser session and can issue requests to the device with the administrator's privileges: creating or modifying accounts, changing device settings, or capturing the session for reuse. That is the privilege-escalation path the advisory is concerned with. Exploitation requires network reachability to the web interface, a valid low-privilege account, and the victim viewing the affected page (hence UI:R in the CVSS vector).
Defensive priority
medium
Recommended defensive actions
- Apply the Siemens firmware update to V5.2 or later on every affected OZW672 and OZW772 device; this is the only change that removes the vulnerability
- Review every field shown in the user accounts tab for injected markup (HTML tags, on*= event-handler attributes, javascript: URLs) and delete or reset any account carrying such content; treat a finding as evidence that a low-privilege account has already been misused, not merely as a data-hygiene issue
- Apply least privilege to web server accounts: keep the number of administrative accounts small, since the attack needs an administrator to view the tab, and give operators only the rights their role requires
- Segment the network so the web management interface is reachable only from designated management hosts, which limits both who can obtain a low-privilege login and which browsers can be targeted
- Monitor for low-privilege logins followed by administrative changes the administrators did not intend (new accounts, changed passwords, altered device settings), which is the footprint of a successful stored-XSS chain
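The following is an added illustration written for this debrief; it is not Siemens code, and the real template, field names and HTTP endpoints of the OZW672/OZW772 user accounts tab are not in the advisory, so every name here is a hypothetical stand-in. It shows the vulnerable rendering pattern the technical summary describes next to the hardened form (output encoding), and a small review helper of the kind the second defensive action calls for, run over a constructed account list in which one low-privilege account carries a stored payload.

```javascript
// Added example, not from the original page or from Siemens. The account
// shape, the table template and the payload's fetch target are all
// hypothetical; only the stored-XSS pattern itself mirrors the advisory.

// Minimal HTML escaper: neutralises the five characters that let stored data
// break out of text or attribute context when it is rendered.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// VULNERABLE pattern (hypothetical): stored account fields are concatenated
// straight into the HTML an administrator later opens, so a payload stored
// by a low-privilege user executes in the administrator's browser.
function renderAccountsTabUnsafe(accounts) {
  return accounts
    .map(a => `<tr><td>${a.username}</td><td>${a.description}</td></tr>`)
    .join("\n");
}

// HARDENED pattern: every stored field is encoded at output time, so the
// browser shows the payload as inert text instead of running it.
function renderAccountsTabSafe(accounts) {
  return accounts
    .map(a => `<tr><td>${escapeHtml(a.username)}</td><td>${escapeHtml(a.description)}</td></tr>`)
    .join("\n");
}

// Review helper for the "check stored accounts for injected content" action:
// flags any field that carries a tag, an event-handler attribute or a
// javascript: URL. Indicators are deliberately broad; a hit is a reason to
// look at the account, not a verdict on its own.
const SUSPICIOUS = [
  { name: "html-tag", re: /<\s*\/?\s*[a-z][^>]*>/i },
  { name: "event-handler", re: /\bon[a-z]+\s*=/i },
  { name: "javascript-url", re: /javascript\s*:/i },
];

function findInjectedMarkup(accounts) {
  const hits = [];
  for (const a of accounts) {
    for (const [field, value] of Object.entries(a)) {
      for (const s of SUSPICIOUS) {
        if (s.re.test(String(value))) {
          hits.push({ username: a.username, field, indicator: s.name });
        }
      }
    }
  }
  return hits;
}

// Constructed sample data: one benign operator account and one low-privilege
// account whose description holds a stored payload. The payload's request
// path is a placeholder; it stands for "do something with admin rights".
const SAMPLE_ACCOUNTS = [
  { username: "operator1", description: "Plant floor HVAC operator" },
  { username: "guest", description: '<img src=x onerror="fetch(\'/admin/adduser?name=evil\')">' },
];

console.log("Unsafe render (payload is live markup):");
console.log(renderAccountsTabUnsafe(SAMPLE_ACCOUNTS));
console.log("\nSafe render (payload is inert text):");
console.log(renderAccountsTabSafe(SAMPLE_ACCOUNTS));
console.log("\nReview findings:");
console.log(findInjectedMarkup(SAMPLE_ACCOUNTS));
```

The review helper is meant to run over an export of the device's account data, whatever form that takes on a given firmware; the regular expressions err on the side of false positives because a single stored payload is a confirmed compromise of at least one low-privilege account, and the cost of inspecting a benign hit is low.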
Evidence notes
The vulnerability description and remediation guidance are derived from CISA CSAF advisory ICSA-24-319-03, which references Siemens security advisory SSA-230445. The affected products are confirmed as OZW672 and OZW772 Web Server devices. The fix version is explicitly stated as V5.2 or later.
Official resources
- CVE-2024-36140 CVE record (CVE.org)
- CVE-2024-36140 NVD detail (NVD)
- Source item: CISA CSAF advisory ICSA-24-319-03 (cisa_csaf)
- Siemens security advisory SSA-230445
2024-11-12