PatchSiren cyber security CVE debrief
CVE-2024-47783 Siemens CVE debrief
CVE-2024-47783 is a high-severity local privilege escalation vulnerability in Siemens SIPORT, an industrial control system access management solution. Published on November 12, 2024, and last modified on May 6, 2025, this vulnerability stems from improper file permission assignments on installation folders. The flaw allows a local attacker with an unprivileged account to modify or override service executables, subsequently gaining elevated privileges on the affected system. The vulnerability carries a CVSS 3.1 score of 7.8 (HIGH), with the attack vector being local, requiring low attack complexity and low privileges, with no user interaction needed. The impact is severe across confidentiality, integrity, and availability dimensions. Siemens has addressed this issue in SIPORT version 3.4.0 and later. CISA published advisory ICSA-24-319-02 to coordinate disclosure and mitigation guidance for critical infrastructure operators.
- Vendor
- Siemens
- Product
- SIPORT
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-11-12
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens SIPORT access control systems in industrial, commercial, or critical infrastructure environments. Security teams responsible for OT/ICS security, system administrators managing SIPORT deployments, and compliance officers overseeing physical access control system security should prioritize this vulnerability. The local attack vector is particularly relevant in multi-user environments or where insider threats are a concern. Organizations subject to NERC CIP, IEC 62443, or similar industrial security standards should address this as part of secure configuration management requirements.
Technical summary
The vulnerability exists due to improper access control configuration during SIPORT installation, where installation folders are assigned permissions that allow non-administrative users to write to directories containing service executables. A local attacker with an unprivileged account can exploit this by replacing or modifying legitimate service binaries with malicious versions. When the service executes (potentially at system startup or during restart), the attacker's code runs with elevated privileges, achieving privilege escalation from standard user to SYSTEM or equivalent administrative context. The attack requires local access to the system but no user interaction, making it exploitable by any authenticated user with interactive logon rights.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor fix: Update SIPORT to version 3.4.0 or later
- Apply interim mitigation: Remove write permissions for non-administrative users on files and folders under the SIPORT installation path
- Review and audit file system permissions on all SIPORT installations
- Monitor for unauthorized modifications to service executables in SIPORT installation directories
- Implement principle of least privilege for all accounts with access to SIPORT systems
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Review Siemens ProductCERT security advisory SSA-064257 for additional technical details
Evidence notes
Vulnerability confirmed through Siemens ProductCERT security advisory SSA-064257 and CISA ICS advisory ICSA-24-319-02. The issue was identified in the CSAF product tree with high confidence attribution to Siemens SIPORT.
Official resources
-
CVE-2024-47783 CVE record
CVE.org
-
CVE-2024-47783 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Coordinated disclosure through CISA ICS advisory ICSA-24-319-02 and Siemens ProductCERT