PatchSiren

CVE-2024-43485 Siemens CVE debrief

CVE-2024-43485 is a high-severity denial-of-service vulnerability that the supplied CISA/Siemens advisory material associates with Siemens INTRALOG WMS. The advisory describes the issue as network-reachable, requiring no privileges and no user interaction, and Siemens recommends updating to V5 or later.

Vendor: Siemens
Product: INTRALOG WMS
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-13
Original CVE updated: 2025-05-13
Advisory published: 2025-05-13
Advisory updated: 2025-05-13

Who should care

Siemens INTRALOG WMS operators, OT/ICS administrators, and security teams responsible for patching and availability management in environments where the product is deployed.

Technical summary

The supplied advisory metadata classifies the issue with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a remotely reachable, unauthenticated availability impact with no confidentiality or integrity impact. The source description labels the issue as a ".NET and Visual Studio Denial of Service Vulnerability," while the affected product mapping points to Siemens INTRALOG WMS. The remediation provided in the source corpus is to update to V5 or later.

Defensive priority

High. Prioritize affected deployments, especially where a service interruption would affect operational continuity.

Recommended defensive actions

  • Update Siemens INTRALOG WMS to V5 or later, per the vendor remediation guidance.
  • Inventory all deployments of Siemens INTRALOG WMS and confirm which versions are exposed or in active use.
  • Restrict network access to the affected system and segment it from less-trusted networks where possible.
  • Apply standard ICS defense-in-depth and recommended-practices guidance from CISA and Siemens.
  • Validate operational backups and recovery procedures so that service can be restored quickly if a disruption occurs.

Evidence notes

This debrief is based on the supplied CISA CSAF advisory ICSA-25-135-02, published 2025-05-13, and the referenced Siemens advisory SSA-901508. The source metadata lists Siemens as the vendor, INTRALOG WMS as the affected product, and the remediation as updating to V5 or later. The CVSS vector in the source corpus is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Official resources

CISA published the advisory on 2025-05-13 as ICSA-25-135-02. The source corpus points to Siemens advisory SSA-901508 and recommends updating affected systems to V5 or later.