PatchSiren cyber security CVE debrief
CVE-2024-47570 Siemens CVE debrief
CVE-2024-47570 is a medium-severity (CVSS 6.6) information disclosure vulnerability affecting Fortinet software components embedded in Siemens RUGGEDCOM APE1808 devices. The flaw, classified as CWE-532 (Insertion of Sensitive Information into Log File), was published on July 9, 2024, and last modified on January 14, 2026. The vulnerability exists in FortiOS versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, and all 7.0 versions; FortiProxy 7.4.0 through 7.4.3 and 7.2.0 through 7.2.11; FortiPAM versions 1.0 through 1.4; and FortiSRA 1.4. When REST API logging is enabled—a non-default configuration—read-only administrators can retrieve API tokens of other administrators by observing REST API logs. This exposes privileged credentials that could enable further unauthorized access. Siemens has issued a vendor fix recommending update of the Fortigate NGFW component to version 7.4.4, with customers directed to contact Siemens support for patch and update information. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 6.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Fortinet NGFW components, particularly those in industrial control system (ICS) environments where read-only administrative roles are common for operational technology security practices. Security teams responsible for API token lifecycle management and logging configuration in converged IT/OT environments.
Technical summary
The vulnerability stems from sensitive information (API tokens) being written to REST API log files without adequate access controls. When REST API logging is enabled, read-only administrators with log access can observe and extract API tokens belonging to other administrative users. This violates the principle of least privilege and enables credential theft that could escalate to full administrative compromise. The attack requires: (1) REST API logging enabled (non-default), (2) attacker holds read-only administrator privileges, and (3) attacker has access to view REST API logs. The CVSS vector indicates network attack vector, high attack complexity, high privileges required, no user interaction, unchanged scope, and high impacts to confidentiality, integrity, and availability.
Defensive priority
medium
Recommended defensive actions
- Contact Siemens customer support to obtain and apply the Fortigate NGFW V7.4.4 update for RUGGEDCOM APE1808 devices
- Review REST API logging configuration and disable if not required for operational purposes
- Audit administrator accounts and API token assignments to identify potential exposure
- Monitor REST API logs for unauthorized access patterns if logging must remain enabled
- Apply defense-in-depth controls per CISA ICS recommended practices to limit lateral movement potential
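The technical summary above describes the CWE-532 condition (API tokens written into REST API logs that a read-only administrator can view), and the actions above ask teams to audit token exposure and monitor those logs. The following Python script is an added example, not part of this debrief or of any Siemens or Fortinet tooling: it scans log lines for credential-bearing fields, reports which administrators' tokens have been written to the log (so those tokens can be rotated), and produces redacted copies in which each secret is replaced by a short hash fingerprint, so log viewers can still correlate requests without seeing the token. The key=value log layout, the field names treated as sensitive, and the sample lines are all constructed for this example; the page does not reproduce the real FortiOS log format.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Field names whose values are treated as credentials. This list is an
# assumption for the example, not taken from the page or from Fortinet.
SENSITIVE_KEYS = {"authorization", "token", "api_key", "apikey",
                  "access_token", "x-api-key"}

# key=value or key="quoted value" pairs; the quoted form may contain spaces.
KV_RE = re.compile(r'(?P<key>[A-Za-z_][A-Za-z0-9_\-]*)=(?P<val>"[^"]*"|\S+)')
# Bearer/Basic credentials that surface under an unrecognised field name.
BEARER_RE = re.compile(r'\b(Bearer|Basic)\s+[A-Za-z0-9._~+/=-]{16,}')

# Constructed sample REST API log lines in a hypothetical key=value layout.
SAMPLE_LOG_LINES = [
    'date=2024-07-09 time=10:01:02 user="ops-readonly" method=GET '
    'path="/api/v2/monitor/system/status" status=200',
    'date=2024-07-09 time=10:01:05 user="admin1" method=POST '
    'path="/api/v2/cmdb/firewall/policy" '
    'authorization="Bearer 9f3kQxT7pLm2ZaVbN8cRwE1sYgH4jKd0" status=200',
    'date=2024-07-09 time=10:01:07 user="admin2" method=GET '
    'path="/api/v2/monitor/system/interface" '
    'auth_hdr="Bearer Zp4LmQ8vRt2XyWc6NbHs1KdJ9fGeUa3T" status=200',
    'date=2024-07-09 time=10:01:09 user="ops-readonly" method=GET '
    'path="/api/v2/monitor/log/rest" status=403',
]


def fingerprint(secret: str) -> str:
    """Short, non-reversible handle for a secret so redacted lines still correlate.

    A leading auth scheme ("Bearer x" / "Basic x") is dropped so the same token
    fingerprints identically whether or not the scheme was logged with it.
    """
    parts = secret.split(None, 1)
    if len(parts) == 2 and parts[0].lower() in ("bearer", "basic"):
        secret = parts[1]
    return hashlib.sha256(secret.encode()).hexdigest()[:8]


def redact_line(line: str) -> Tuple[str, List[str]]:
    """Return (redacted line, list of field/scheme names whose values were masked)."""
    hits: List[str] = []

    def mask_kv(m: "re.Match[str]") -> str:
        key, val = m.group("key"), m.group("val")
        if key.lower() not in SENSITIVE_KEYS:
            return m.group(0)
        hits.append(key)
        return f'{key}="<redacted:{fingerprint(val.strip(chr(34)))}>"'

    out = KV_RE.sub(mask_kv, line)

    def mask_bearer(m: "re.Match[str]") -> str:
        scheme, cred = m.group(0).split(None, 1)
        hits.append(scheme.lower())
        return f"{scheme} <redacted:{fingerprint(cred)}>"

    out = BEARER_RE.sub(mask_bearer, out)
    return out, hits


def scan_log(lines: List[str]) -> Dict[str, object]:
    """Count lines that carry credentials, attribute them to the logged user,
    and return redacted copies suitable for viewers who must not see tokens."""
    redacted: List[str] = []
    leaking = 0
    by_user: Dict[str, int] = {}
    for line in lines:
        clean, hits = redact_line(line)
        redacted.append(clean)
        if hits:
            leaking += 1
            user_m = re.search(r'user="([^"]*)"', line)
            user = user_m.group(1) if user_m else "<unknown>"
            by_user[user] = by_user.get(user, 0) + 1
    return {"total": len(lines), "leaking": leaking,
            "by_user": by_user, "redacted": redacted}


if __name__ == "__main__":
    report = scan_log(SAMPLE_LOG_LINES)
    print(f"{report['leaking']} of {report['total']} lines contain credentials")
    print("tokens written to log, by owning user:", report["by_user"])
    for line in report["redacted"]:
        print(line)
```

The `by_user` map is the audit output: every user it names had a token committed to the log and should have that token rotated, regardless of whether a read-only administrator is known to have read it. Running the redaction before logs are forwarded to a viewer or SIEM is a compensating control only; it does not replace the 7.4.4 update, and leaving REST API logging disabled where it is not needed removes the exposure entirely.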
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-193-02. Vendor attribution to Siemens and product identification as RUGGEDCOM APE1808 confirmed through CSAF product tree. CVSS score and severity from official CVE record. Timeline dates per CVE published and modified timestamps.
Official resources
- CVE-2024-47570 CVE record (CVE.org)
- CVE-2024-47570 NVD detail (NVD)
- Source item URL: cisa_csaf