PatchSiren cyber security CVE debrief
CVE-2024-47901 Siemens CVE debrief
A critical vulnerability in Siemens InterMesh subscriber devices allows unauthenticated remote attackers to execute arbitrary code with root privileges. The web server fails to sanitize input parameters in specific GET requests, enabling operating system-level code execution. When combined with CVE-2024-47902, CVE-2024-47903, and CVE-2024-47904, this vulnerability chain results in complete system compromise. The affected products are the InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber, both industrial communication devices used in critical infrastructure environments. Siemens has released firmware updates to address this vulnerability, and CISA has published an advisory as part of its ICS security program.
- Vendor: Siemens
- Product: InterMesh 7177 Hybrid 2.0 Subscriber
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-10-23
- Original CVE updated: 2025-05-06
- Advisory published: 2024-10-23
- Advisory updated: 2025-05-06
Who should care
Organizations operating Siemens InterMesh 7177 Hybrid 2.0 Subscriber or InterMesh 7707 Fire Subscriber devices, particularly in critical infrastructure sectors including energy, water, transportation, and manufacturing. Security teams responsible for industrial control system (ICS) and SCADA environments should prioritize this vulnerability due to its critical severity, unauthenticated exploitation path, and potential for complete system compromise. Network administrators and OT security engineers should assess device exposure and implement recommended mitigations immediately.
Technical summary
The vulnerability exists in the web server component of Siemens InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber devices. Insufficient input sanitization on specific GET request parameters allows for operating system command injection. This vulnerability is particularly severe because it can be exploited without authentication, and when chained with three related vulnerabilities (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904), enables unauthenticated remote attackers to achieve arbitrary code execution with root privileges. The attack vector is network-based, requires no user interaction, and has low attack complexity, resulting in a CVSS 3.1 score of 10.0 (Critical). These devices are typically deployed in industrial and critical infrastructure environments where compromise could have significant operational and safety impacts.
Defensive priority
critical
Recommended defensive actions
- Apply vendor firmware updates immediately: update InterMesh 7177 Hybrid 2.0 Subscriber to V8.2.12 or later, and InterMesh 7707 Fire Subscriber to V7.2.12 or later
- If patching is not immediately possible, disable the IP interface on affected devices as a temporary mitigation
- Restrict network access to InterMesh devices to trusted systems and authorized personnel only
- Monitor for suspicious GET requests to the device web server that may indicate exploitation attempts
- Review and implement CISA ICS recommended practices for defense-in-depth strategies
- Assess exposure of affected devices to untrusted networks, particularly internet-facing deployments
- Coordinate with Siemens support for additional hardening guidance specific to your deployment environment
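One way to implement the GET-request monitoring recommended above, as an added example that is not code from Siemens, CISA, or this debrief's sources. The log line format, the device address inventory, the `/example` and `/status` paths, and the `p` and `view` parameter names are all constructed for illustration, since the advisory text here does not name the affected endpoints or parameters.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: addresses of InterMesh devices taken from your own asset inventory.
DEVICE_IPS = {"192.0.2.10"}
# Characters a shell treats specially; a legitimate parameter rarely needs them.
SHELL_META = re.compile(r"[;|&`$<>\n\r]")

def suspicious_params(url):
    """Return (name, decoded value) for query parameters holding shell metacharacters."""
    hits = []
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True, separator="&"):
        for _ in range(2):  # parse_qsl decoded once; undo further encoding layers
            value = unquote(value)
        if SHELL_META.search(value):
            hits.append((name, value))
    return hits

def scan(lines, device_ips=DEVICE_IPS):
    """Flag GET requests to inventoried devices whose parameters look like injection."""
    alerts = []
    for line in lines:
        parts = line.split(maxsplit=4)
        if len(parts) != 5:
            continue  # not in the assumed "<time> <src> <dst> <method> <url>" format
        ts, src, dst, method, url = parts
        if method == "GET" and dst in device_ips:
            hits = suspicious_params(url)
            if hits:
                alerts.append({"time": ts, "src": src, "dst": dst, "params": hits})
    return alerts

# Constructed sample log lines (hypothetical paths and parameter names).
SAMPLE = [
    "2024-11-01T10:00:00Z 198.51.100.7 192.0.2.10 GET /status?view=summary",
    "2024-11-01T10:00:05Z 198.51.100.7 192.0.2.10 GET /example?p=1%3Becho%20x",
    "2024-11-01T10:00:09Z 198.51.100.7 192.0.2.10 GET /example?p=1%253Becho%2520x",
    "2024-11-01T10:00:12Z 198.51.100.7 192.0.2.99 GET /example?p=1%3Becho%20x",
    "2024-11-01T10:00:15Z 198.51.100.7 192.0.2.10 POST /example?p=1%3Becho%20x",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

Values that legitimately contain `&` or `$` will also match, so tune `SHELL_META` against a baseline of normal device traffic before alerting on it.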
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-303-01 and Siemens security advisory SSA-333468. CVSS 3.1 score of 10.0 (Critical) assigned. The vulnerability requires no authentication, no user interaction, and is exploitable over the network with low attack complexity.
Official resources
- CVE-2024-47901 CVE record (CVE.org)
- CVE-2024-47901 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-10-23