PatchSiren cyber security CVE debrief
CVE-2024-47902 Siemens CVE debrief
CVE-2024-47902 is a HIGH severity vulnerability (CVSS 7.2) affecting Siemens InterMesh subscriber devices. The web server on affected devices fails to authenticate GET requests that execute operating system-level commands such as `ping`, allowing unauthenticated remote attackers to execute arbitrary OS commands. The vulnerability was published on October 23, 2024, with a revision on May 6, 2025. Two product variants are affected: InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber. Siemens has released firmware updates to address this issue, and CISA has published mitigation guidance. No known exploitation in ransomware campaigns has been reported, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- InterMesh 7177 Hybrid 2.0 Subscriber
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-10-23
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-10-23
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens InterMesh subscriber devices in telecommunications, utility, or industrial networks; OT security teams managing remote subscriber equipment; network administrators responsible for device hardening and access control; and critical infrastructure operators relying on InterMesh devices for backhaul or field communications.
Technical summary
The vulnerability exists in the web server component of Siemens InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber devices. The web server improperly handles GET requests, failing to require authentication before executing operating system commands. An attacker can send a crafted HTTP GET request to trigger OS-level command execution (such as the `ping` utility) without providing credentials. The attack is network-accessible, requires no privileges or user interaction, and has low complexity. The CVSS 3.1 score of 7.2 reflects the scope change (S:C) and impacts to confidentiality (C:L) and integrity (I:L), with no availability impact. This represents a classic missing authentication vulnerability in an embedded web management interface commonly found in industrial telecommunications equipment.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor firmware updates: update InterMesh 7177 Hybrid 2.0 Subscriber to V8.2.12 or later, and InterMesh 7707 Fire Subscriber to V7.2.12 or later
- If patching is not immediately feasible, disable the IP interface on affected devices where operationally possible
- Restrict network access to InterMesh devices to trusted systems and authorized personnel only
- Monitor network traffic for unauthorized GET requests to device web interfaces containing command execution patterns
- Segment InterMesh devices from untrusted networks using firewall rules and network isolation
- Review and implement CISA ICS recommended practices for defense-in-depth strategies
- Audit device configurations to ensure administrative interfaces are not exposed to public internet
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-303-01 and Siemens security advisory SSA-333468. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N indicates network-accessible attack vector with low complexity, no privileges required, and no user interaction needed.
Official resources
-
CVE-2024-47902 CVE record
CVE.org
-
CVE-2024-47902 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-10-23