CVE-2024-50310 Siemens CVE debrief

Who should care

Industrial control system operators, OT security teams, manufacturing security engineers, critical infrastructure defenders, and asset owners using Siemens SIMATIC CP 1543-1 V4.0 in production environments

Technical summary

The vulnerability exists in the authorization handling mechanism of Siemens SIMATIC CP 1543-1 V4.0 communication processors (part number 6GK7543-1AX10-0XE0). An unauthenticated remote attacker can exploit improper authorization checks on TCP port 8448 to gain unauthorized filesystem access. The attack requires network connectivity to the device but no authentication credentials or user interaction. Successful exploitation exposes sensitive configuration files and potentially enables further lateral movement within industrial networks. The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C confirms network exploitability with high confidentiality impact. Siemens addressed this in firmware V4.0.50; interim mitigation requires network-layer access controls on port 8448/tcp.

Defensive priority

HIGH

Recommended defensive actions

• Apply Siemens firmware update V4.0.50 or later to affected SIMATIC CP 1543-1 V4.0 devices
• Restrict network access to TCP port 8448 to trusted administrative hosts only
• Segment affected devices from untrusted networks using industrial firewall rules
• Monitor for unauthorized access attempts on port 8448/tcp
• Review device filesystem access logs for indicators of compromise prior to patching

Evidence notes

CVE published 2024-11-12; CISA CSAF advisory ICSA-24-319-11 issued same date; Siemens security advisory SSA-654798; firmware fix V4.0.50 available; advisory revised 2025-05-06 for typo corrections only.

Official resources