PatchSiren cyber security CVE debrief
CVE-2024-47903 Siemens CVE debrief
CVE-2024-47903 is a medium-severity vulnerability (CVSS 5.8) affecting Siemens InterMesh subscriber devices, published on 2024-10-23 and last modified on 2025-05-06. The vulnerability allows an attacker to write arbitrary files to the web server's DocumentRoot directory on affected devices, potentially enabling web defacement, malware hosting, or further compromise of the device. The issue stems from insufficient access controls on the web server component of the InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber products. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, and no known ransomware campaign use has been documented. Organizations should prioritize applying vendor-provided firmware updates and implementing network segmentation controls to mitigate exposure.
- Vendor
- Siemens
- Product
- InterMesh 7177 Hybrid 2.0 Subscriber
- CVSS
- MEDIUM 5.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-10-23
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-10-23
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens InterMesh 7177 Hybrid 2.0 Subscriber or InterMesh 7707 Fire Subscriber devices in industrial, utility, or critical infrastructure environments. Security teams responsible for ICS/OT network security, asset owners managing subscriber device deployments, and compliance personnel tracking vulnerability remediation for regulated industrial environments.
Technical summary
The web server component on Siemens InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber devices contains an arbitrary file write vulnerability. An unauthenticated attacker with network access can write files to the web server's DocumentRoot directory. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N) indicates network exploitability with low complexity, no required privileges, scope change to the vulnerable component, and low integrity impact with no confidentiality or availability impact. This vulnerability could facilitate web defacement, hosting of malicious content, or serve as a pivot point for further attacks against the device or connected networks.
Defensive priority
medium
Recommended defensive actions
- Apply vendor firmware updates: Update InterMesh 7177 Hybrid 2.0 Subscriber to version 8.2.12 or later, and InterMesh 7707 Fire Subscriber to version 7.2.12 or later
- Restrict network access to InterMesh devices to trusted systems and authorized personnel only
- Consider disabling the IP interface on InterMesh 7707 Fire Subscriber devices if not required for operations
- Implement network segmentation to isolate affected devices from untrusted networks
- Monitor web server directories on affected devices for unauthorized file modifications
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
Vulnerability description and affected products confirmed through CISA CSAF advisory ICSA-24-303-01 and Siemens security advisory SSA-333468. CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N indicates network attack vector with low attack complexity, no privileges required, and scope change to impacted component.
Official resources
-
CVE-2024-47903 CVE record
CVE.org
-
CVE-2024-47903 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-10-23