PatchSiren cyber security CVE debrief
CVE-2024-50568 Siemens CVE debrief
A channel accessible by non-endpoint vulnerability (CWE-300) in Fortinet FortiOS and FortiProxy allows unauthenticated attackers with knowledge of device-specific data to spoof the identity of a downstream device in the security fabric via crafted TCP requests. This vulnerability affects Siemens RUGGEDCOM APE1808, which incorporates the affected Fortinet components. The issue was disclosed on July 9, 2024, and carries a CVSS 3.1 score of 5.9 (Medium severity). The attack requires network access and high attack complexity, but no user interaction or privileges. Successful exploitation could allow an attacker to impersonate legitimate downstream devices within the security fabric, potentially enabling unauthorized access to security telemetry or policy enforcement actions. Siemens has issued a vendor fix recommending update of the FortiGate NGFW component to version 7.4.4.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-07-09
- Original CVE updated: 2026-01-14
- Advisory published: 2024-07-09
- Advisory updated: 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices in industrial control system environments, particularly those with security fabric deployments connecting multiple Fortinet security devices. Security teams responsible for OT/ICS network segmentation and device identity management should prioritize verification of downstream device authenticity. Organizations with externally exposed security fabric management interfaces face elevated risk and should implement immediate network access restrictions pending patch application.
Technical summary
This vulnerability stems from improper channel endpoint verification (CWE-300) in Fortinet's security fabric implementation. The affected FortiOS versions (7.4.0-7.4.3, 7.2.0-7.2.7, before 7.0.14) and FortiProxy versions (7.4.0-7.4.3, 7.2.0-7.2.9, before 7.0.16) fail to adequately validate device identity during security fabric downstream device registration. An attacker with knowledge of device-specific identifiers can craft TCP requests to impersonate legitimate downstream devices. The Siemens RUGGEDCOM APE1808, which integrates Fortinet NGFW functionality, is affected through this upstream component. The high attack complexity (AC:H) reflects the requirement for device-specific knowledge, but the network attack vector (AV:N) and lack of authentication requirements create exposure for externally reachable management interfaces. Integrity impact is rated high (I:H) due to the potential for policy manipulation or telemetry interception, while confidentiality and availability impacts are none.
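The affected ranges listed above can be applied to a device inventory for triage. The following is an added example, not code from Siemens, Fortinet or this page's source advisory; the function names and the sample inventory are constructed, and it assumes that "before 7.0.14" and "before 7.0.16" cover every release below those versions.

```python
import re

# Affected ranges as stated in the technical summary above.
# Assumption: "before 7.0.14" / "before 7.0.16" means every release below
# that version, including older branches.
AFFECTED = {
    "FortiOS": [((7, 4, 0), (7, 4, 3)), ((7, 2, 0), (7, 2, 7)), ((0, 0, 0), (7, 0, 13))],
    "FortiProxy": [((7, 4, 0), (7, 4, 3)), ((7, 2, 0), (7, 2, 9)), ((0, 0, 0), (7, 0, 15))],
}

def parse_version(text):
    """Turn 'v7.4.3' or 'V7.4.4' into a comparable (major, minor, patch) tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(product, version_text):
    """True if the version falls inside an affected range for the product."""
    ranges = AFFECTED.get(product)
    if ranges is None:
        raise KeyError(f"no range data for product {product!r}")
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in ranges)

def triage(inventory):
    """Return (host, product, version, status); unparseable entries need manual review."""
    rows = []
    for host, product, version in inventory:
        try:
            status = "AFFECTED" if is_affected(product, version) else "ok"
        except (ValueError, KeyError):
            status = "REVIEW"
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ape1808-sub1", "FortiOS", "v7.4.3"),
    ("ape1808-sub2", "FortiOS", "V7.4.4"),
    ("fw-legacy", "FortiOS", "7.0.13"),
    ("fw-plant", "FortiOS", "7.2.8"),
    ("proxy-dmz", "FortiProxy", "7.2.9"),
    ("proxy-old", "FortiProxy", "7.0.16"),
    ("unknown-box", "FortiOS", "n/a"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<14} {:<11} {:<8} {}".format(*row))
```

Entries marked REVIEW have a version string or product name the script could not interpret and should be checked by hand rather than assumed safe.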
Defensive priority
medium
Recommended defensive actions
- Contact Siemens customer support to obtain patch and update information for updating the FortiGate NGFW component to version 7.4.4
- Review security fabric device authentication and verify integrity of downstream device identities
- Apply network segmentation to limit exposure of security fabric management interfaces
- Monitor for anomalous device registration or authentication events in security fabric logs
- Implement defense-in-depth strategies per CISA ICS recommended practices for industrial control systems
Evidence notes
The vulnerability description and affected product information are derived from CISA CSAF advisory ICSA-24-193-02, which documents this as an upstream Fortinet vulnerability affecting Siemens RUGGEDCOM APE1808. The CVSS vector (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RC:C) indicates network attack vector, high attack complexity, no privileges required, no user interaction, and high impact to integrity. The remediation guidance specifies FortiGate NGFW update to V7.4.4 with customer support contact for patch information.
Official resources
- CVE-2024-50568 CVE record (CVE.org)
- CVE-2024-50568 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-07-09