PatchSiren cyber security CVE debrief
CVE-2024-52963 Siemens CVE debrief
CVE-2024-52963 was publicly disclosed in the supplied CISA CSAF advisory on 2025-05-13 and republished on 2026-02-12 based on Siemens ProductCERT SSA-864900. The core impact described in the corpus is a denial of service caused by an out-of-bounds write triggered by specially crafted packets. The advisory metadata in the source set identifies Siemens RUGGEDCOM APE1808 as the affected product, but the vulnerability description and remediation text reference Fortinet FortiOS/FortiGate, so the notice should be validated against the linked vendor advisory before operational action.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: LOW 3.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-13
- Original CVE updated: 2026-02-12
- Advisory published: 2025-05-13
- Advisory updated: 2026-02-12
Who should care
Asset owners, operators, and security teams responsible for Siemens RUGGEDCOM APE1808 deployments, plus anyone triaging the linked CISA/Siemens advisory in OT or industrial environments. Because the supplied corpus contains product and remediation-text inconsistencies, inventory validation is especially important before applying any fix guidance.
Technical summary
The supplied advisory describes an out-of-bounds write that can lead to denial of service via specially crafted packets. The CVSS vector provided is AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L, which aligns with a network-triggered availability impact and no direct confidentiality or integrity impact. The source metadata names Siemens RUGGEDCOM APE1808, while the descriptive and remediation fields mention Fortinet FortiOS/FortiGate and a minimum update of V7.4.9 or later; that mismatch is present in the corpus and should be treated as an advisory-quality issue, not as a confirmed product fact.
Defensive priority
Low to moderate. The disclosed impact is availability-only and the CVSS score is 3.7 (LOW), but it can still matter in environments where service interruption is operationally significant.
Recommended defensive actions
- Confirm whether Siemens RUGGEDCOM APE1808 is present in your environment and map affected assets to the linked advisory.
- Review the official Siemens ProductCERT advisory (SSA-864900) and the CISA republication before taking action.
- Treat the Fortinet/FortiOS/FortiGate remediation text in the corpus as potentially inconsistent until verified against the official vendor notice.
- If the advisory applies to your environment, follow the vendor-published remediation or mitigation guidance exactly as issued.
- Use standard OT defense-in-depth controls and monitoring to reduce the impact of packet-triggered denial-of-service conditions.
Evidence notes
The source corpus states: published 2025-05-13 and modified 2026-02-12; CISA republication cites Siemens ProductCERT SSA-864900. The advisory metadata identifies Siemens RUGGEDCOM APE1808 as the affected product. However, the description text in the corpus says: 'A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.' The remediation text also references Fortigate NGFW and FortiOS settings. Because these fields conflict with the Siemens metadata, the safest interpretation is that the corpus contains an internal inconsistency that requires verification against the linked official advisory.
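One way to surface this kind of conflict during triage is to compare the vendors declared in a CSAF record's product tree with the vendors named in its free-text fields. The sketch below is an added example, not code from CISA, Siemens or this site; the record is constructed from the values reported on this page (the remediation sentence is a stand-in), and the `VENDOR_TERMS` alias table is a hypothetical assumption.

```python
import re

# Constructed CSAF 2.0-shaped record: field names follow the CSAF schema, values
# mirror this page; the remediation sentence is a constructed stand-in.
ADVISORY = {
    "product_tree": {"branches": [{
        "category": "vendor", "name": "Siemens",
        "branches": [{"category": "product_name", "name": "RUGGEDCOM APE1808"}]}]},
    "vulnerabilities": [{
        "cve": "CVE-2024-52963",
        "notes": [{"category": "summary", "text":
            "A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 "
            "through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 "
            "through 6.4.15 allows attacker to trigger a denial of service via "
            "specially crafted packets."}],
        "remediations": [{"category": "vendor_fix", "details":
            "Update Fortigate NGFW to V7.4.9 or later."}]}],
}

# Assumed alias table (hypothetical, not from any advisory feed): vendor -> terms.
VENDOR_TERMS = {"Siemens": ["siemens", "ruggedcom"],
                "Fortinet": ["fortinet", "fortios", "fortigate"]}

def declared_vendors(tree):
    """Names of every product_tree branch with category 'vendor', at any depth."""
    found, stack = set(), list(tree.get("branches", []))
    while stack:
        branch = stack.pop()
        if branch.get("category") == "vendor":
            found.add(branch["name"])
        stack.extend(branch.get("branches", []))
    return found

def vendors_in_text(text):
    """Vendors whose alias terms appear as whole words in free text."""
    low = text.lower()
    return {v for v, terms in VENDOR_TERMS.items()
            if any(re.search(rf"\b{re.escape(t)}\b", low) for t in terms)}

def find_mismatches(advisory):
    """(cve, field, vendor) for each text field naming an undeclared vendor."""
    declared = declared_vendors(advisory["product_tree"])
    findings = []
    for vuln in advisory.get("vulnerabilities", []):
        fields = [("notes", n["text"]) for n in vuln.get("notes", [])]
        fields += [("remediations", r["details"]) for r in vuln.get("remediations", [])]
        for field, text in fields:
            for vendor in sorted(vendors_in_text(text) - declared):
                findings.append((vuln.get("cve"), field, vendor))
    return findings
```

A finding here marks the record for manual comparison against the official vendor advisory; it does not decide which field is correct.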
Official resources
- CVE-2024-52963 CVE record (CVE.org)
- CVE-2024-52963 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed in the supplied source corpus on 2025-05-13; CISA republication update based on Siemens ProductCERT SSA-864900 is dated 2026-02-12.