PatchSiren cyber security CVE debrief
CVE-2024-47904 Siemens CVE debrief
A local privilege escalation vulnerability exists in Siemens InterMesh subscriber devices due to a SUID binary that allows authenticated local attackers to execute arbitrary commands with root privileges. The vulnerability was disclosed on October 23, 2024, with a revision on May 6, 2025, to correct typos. The affected products are the InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber. Siemens has released firmware updates to address this issue.
- Vendor
- Siemens
- Product
- InterMesh 7177 Hybrid 2.0 Subscriber
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-10-23
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-10-23
- Advisory updated
- 2025-05-06
Who should care
Organizations operating Siemens InterMesh 7177 Hybrid 2.0 Subscriber or InterMesh 7707 Fire Subscriber devices in industrial, utility, or critical infrastructure environments should prioritize remediation. System administrators responsible for industrial control system (ICS) security, network engineers managing field device deployments, and security teams overseeing OT/IT convergence should assess exposure and apply updates. Organizations subject to NERC CIP, IEC 62443, or similar industrial cybersecurity frameworks should document this vulnerability in their risk registers.
Technical summary
The vulnerability stems from a Set-User-ID (SUID) binary present on affected Siemens InterMesh subscriber devices. SUID binaries execute with the privileges of the file owner (in this case, root) rather than the invoking user. An authenticated local attacker can exploit this misconfiguration to execute arbitrary commands with root privileges, resulting in complete system compromise. The attack requires local access and valid authentication credentials, but no user interaction. The vulnerability has been addressed through firmware updates that remove or properly secure the SUID binary.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor firmware updates: update InterMesh 7177 Hybrid 2.0 Subscriber to V8.2.12 or later, and InterMesh 7707 Fire Subscriber to V7.2.12 or later
- Restrict physical and logical access to affected devices to authorized personnel only
- Implement network segmentation to limit access to InterMesh management interfaces
- Monitor for unauthorized local authentication attempts on affected devices
- Review and apply CISA ICS recommended practices for defense-in-depth strategies
Evidence notes
The vulnerability description and remediation guidance are sourced from CISA CSAF advisory ICSA-24-303-01, which references Siemens security advisory SSA-333468. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) confirms local attack vector with low complexity requiring low privileges, resulting in high impact to confidentiality, integrity, and availability.
Official resources
-
CVE-2024-47904 CVE record
CVE.org
-
CVE-2024-47904 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-10-23