PatchSiren cyber security CVE debrief
CVE-2024-47808 Siemens CVE debrief
CVE-2024-47808 is a high-severity vulnerability in Siemens SINEC NMS, published on November 12, 2024. The affected application contains a database function that fails to properly restrict user permissions for writing to the host filesystem. An authenticated attacker with medium privileges can exploit this flaw to write arbitrary content to any location on the host filesystem, potentially leading to complete system compromise. The vulnerability carries a CVSS 3.1 score of 8.4 (HIGH severity) with the vector AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H, indicating local attack vector, low attack complexity, low privileges required, no user interaction, changed scope, and high impact to integrity and availability. Siemens has released a vendor fix: users should update to SINEC NMS V3.0 SP1 or later. CISA has coordinated disclosure through advisory ICSA-24-319-04.
- Vendor
- Siemens
- Product
- SINEC NMS
- CVSS
- HIGH 8.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-12
- Original CVE updated
- 2024-11-12
- Advisory published
- 2024-11-12
- Advisory updated
- 2024-11-12
Who should care
Organizations operating Siemens SINEC NMS for industrial network management, particularly in critical infrastructure environments. Security teams responsible for OT/ICS asset protection, database administrators managing SINEC NMS deployments, and compliance officers tracking industrial cybersecurity standards should prioritize this vulnerability for remediation.
Technical summary
The vulnerability exists in a database function within SINEC NMS that lacks proper permission restrictions for filesystem write operations. Authenticated users with medium privileges can leverage this function to write arbitrary content to any path on the host filesystem. This represents a significant security boundary violation in an industrial network management system, as filesystem write capabilities can enable further compromise including configuration tampering, malware deployment, or denial of service. The attack requires local access or existing authenticated session, with low complexity for exploitation.
Defensive priority
high
Recommended defensive actions
- Update Siemens SINEC NMS to V3.0 SP1 or later version as specified in vendor security advisory
- Review and restrict database user permissions to enforce principle of least privilege
- Monitor filesystem write operations for unauthorized or anomalous activity
- Apply network segmentation to limit access to SINEC NMS management interfaces
- Follow CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
Vulnerability description and remediation guidance sourced from CISA CSAF advisory ICSA-24-319-04 and Siemens security advisory SSA-331112. CVSS vector and score confirmed in source metadata.
Official resources
-
CVE-2024-47808 CVE record
CVE.org
-
CVE-2024-47808 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
coordinated