PatchSiren cyber security CVE debrief
CVE-2024-48510 Siemens CVE debrief
CVE-2024-48510 is a critical directory traversal vulnerability in the DotNetZip archive library, which Siemens SiPass integrated V2.90 and V2.95 use. According to the advisory, restoring a specially crafted backup set can lead to arbitrary code execution. One constraint in the CVE record is easy to misread: the note that the flaw "only affects products that are no longer supported by the maintainer" refers to the DotNetZip library itself, which is no longer maintained, not to the SiPass versions, for which Siemens has published fixed releases. Because fixes exist for both affected branches, the practical response is to upgrade; the advisory additionally recommends limiting restore actions to trusted personnel and never restoring from untrusted backup files.
- Vendor: Siemens
- Product: SiPass integrated V2.90 and V2.95
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-02-17
- Original CVE updated: 2025-05-06
- Advisory published: 2025-02-17
- Advisory updated: 2025-05-06
Who should care
Organizations still running Siemens SiPass integrated V2.90 or V2.95, especially environments that allow configuration restores from backup media. Security, operations, and OT/ICS teams responsible for access-control systems should treat this as a high-priority remediation item.
Technical summary
The advisory describes a directory traversal flaw in DotNetZip v1.16.0 and earlier, referenced through src/Zip.Shared/ZipEntry.Extract.cs: an archive entry whose name contains traversal sequences is written outside the intended extraction directory, so a crafted backup set restored through the Configuration Client can place attacker-controlled files outside the restore location. The stated impact is arbitrary code execution, with CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H (9.1). The PR:H component matters for interpretation: the restore has to be performed by a high-privilege user, so the attacker's lever is getting a crafted backup set in front of that user, which is why the vendor mitigations target who may restore and where backups come from. Two further points from the published notes: the "no longer supported by the maintainer" statement in the CVE record applies to the DotNetZip library, and exploitation is described only in the context of restoring a specially crafted backup set. CISA's CSAF lists Siemens SiPass integrated V2.90 and V2.95 as the affected products and provides vendor fixes for both branches.
Defensive priority
High priority, with immediate action recommended for any remaining affected Siemens SiPass integrated deployments. The combination of critical severity, available vendor fixes, and an exploitation path that runs through the restore procedure makes version verification and upgrade the most important response, with restore-procedure controls as the interim mitigation until the fixed version is in place.
Recommended defensive actions
- Upgrade Siemens SiPass integrated V2.90 to V2.90.3.19 or later.
- Upgrade Siemens SiPass integrated V2.95 to V2.95.3.15 or later.
- Ensure only trusted persons can initiate a restore via the Configuration Client.
- Do not use untrusted backup files for restores.
- Inventory any SiPass integrated installations to confirm whether V2.90 or V2.95 is still in use.
- Where upgrading is not possible, treat the deployment as carrying an unmaintained vulnerable component (DotNetZip) and plan migration or replacement.
- Review restore procedures and backup provenance controls before performing any recovery operation.
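The defensive steps above come down to one technical control: before a backup set is handed to the restore routine, verify that no archive entry would be written outside the restore directory. The following is an added example written for this debrief, not code from Siemens, DotNetZip or the advisory. It assumes the backup set is a zip container (the advisory does not describe the SiPass backup format; DotNetZip is a zip library, so that is the natural assumption) and uses Python's zipfile module rather than .NET so it can be run as-is; the containment check itself is language-independent. File names in the constructed sample archive are placeholders.

```python
"""Pre-restore check for a zip-based backup set.

Flags archive entries whose extraction path would land outside the
restore directory (the "zip slip" pattern behind directory traversal
in archive extractors) and refuses to extract if any are present.
Assumption: the backup set is a zip container; sample data is constructed.
"""
import io
import os
import re
import zipfile
from typing import List

# Drive-letter prefix such as "C:"; Windows extractors honour it.
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def entry_escapes(dest_root: str, member_name: str) -> bool:
    """True if extracting `member_name` under `dest_root` would write
    outside `dest_root`.

    Covers '..' segments, absolute paths, drive letters and backslash
    separators, all of which a crafted archive can carry even though
    zip names are supposed to be relative and '/'-separated.
    """
    name = member_name.replace("\\", "/")
    if name.startswith("/") or _DRIVE_RE.match(name):
        return True
    root = os.path.realpath(dest_root)
    # Join segment by segment so no segment can reset the path, then
    # normalise and test containment against the resolved root.
    target = os.path.realpath(os.path.join(root, *name.split("/")))
    return os.path.commonpath([root, target]) != root


def find_traversal_entries(zip_bytes: bytes, dest_root: str) -> List[str]:
    """Names of every entry that would escape `dest_root`."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if entry_escapes(dest_root, i.filename)]


def safe_extract(zip_bytes: bytes, dest_root: str) -> List[str]:
    """Extract only if the whole archive passes the check; otherwise raise
    before touching the filesystem. Returns the extracted entry names."""
    bad = find_traversal_entries(zip_bytes, dest_root)
    if bad:
        raise ValueError(f"refusing restore, traversal entries: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_root)
        return zf.namelist()


def build_sample_backup(malicious: bool) -> bytes:
    """Constructed sample archive for this example. It is NOT a real
    SiPass backup set; entry names are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("config/settings.xml", "<settings/>")
        zf.writestr("db/site.bak", "placeholder")
        if malicious:
            # Zip-slip entries: climb out of the restore directory and
            # drop files where a service or user might later execute them.
            zf.writestr("../../Program Files/Target/plugin.dll", "MZ...")
            zf.writestr("..\\..\\startup.bat", "@echo crafted")
    return buf.getvalue()


if __name__ == "__main__":
    restore_dir = os.path.join(os.getcwd(), "restore")
    print("clean set:", find_traversal_entries(build_sample_backup(False), restore_dir))
    print("crafted set:", find_traversal_entries(build_sample_backup(True), restore_dir))
```

Two caveats for anyone adapting this: the check is lexical (the destination usually does not exist yet, so realpath cannot follow symlinks inside it), so an extractor that materialises symlink entries or a destination that already contains symlinks needs a separate check; and the check must run over the whole archive before any entry is written, since a partially completed restore is exactly the state an attacker wants.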
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-051-04 and the Siemens product security references cited there. The source text explicitly states: the flaw is a directory traversal issue in DotNetZip v1.16.0 and before; it can allow arbitrary code execution via src/Zip.Shared/ZipEntry.Extract.cs; the vulnerability "only affects products that are no longer supported by the maintainer" (a statement about the DotNetZip library, not about SiPass, which has vendor fixes); and exploitation is described only when a specially crafted backup set is used for a restore. The advisory lists Siemens SiPass integrated V2.90 and V2.95 as affected products and includes version-specific fixes.
Official resources
- CVE-2024-48510 CVE record (CVE.org)
- CVE-2024-48510 NVD detail (NVD)
- Source advisory: CISA CSAF ICSA-25-051-04
Publicly disclosed on 2025-02-17 in CISA advisory ICSA-25-051-04; the 2025-05-06 revision is noted as typo fixes only. Use the CVE and source advisory dates as the issue timeline, not later publication or processing dates.