PatchSiren

CVE-2024-52965 Siemens CVE debrief

CVE-2024-52965 is a high-severity authentication issue described as a missing critical step in authentication (CWE-304) that can allow API login even when a certificate is invalid. The supplied source corpus is inconsistent, however: the CVE description names Fortinet FortiOS/FortiProxy versions, while the CSAF advisory and product tree identify Siemens RUGGEDCOM APE1808. Treat the advisory as requiring manual verification before remediation is assigned to any environment.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: HIGH 7.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-11
Original CVE updated: 2026-03-12
Advisory published: 2025-02-11
Advisory updated: 2026-03-12

Who should care

Asset owners, OT/industrial security teams, and vulnerability managers responsible for systems referenced in Siemens ProductCERT advisory SSA-770770 / CISA ICSA-25-044-06 should review this immediately. Teams that rely on API-key plus certificate-based authentication should also verify whether any exposed assets match the CVE description or the Siemens product tree, because the source data is conflicting.

Technical summary

The CVE record describes a missing authentication step that may let an API user authenticate using api-key plus PKI user certificate authentication even when the certificate is invalid. The CVSS vector supplied in the source indicates network reachability with high privileges required (CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), yielding a 7.2 HIGH score. The source corpus also contains a product/vendor mismatch: the vulnerability text refers to Fortinet products, while the CSAF advisory maps the issue to Siemens RUGGEDCOM APE1808.

Defensive priority

High for environments using certificate-based API authentication, but remediation should be gated by source verification because the affected product mapping is inconsistent. Confirm the exact asset population first, then apply vendor guidance and update controls for certificate validation and API access.

Recommended defensive actions

  • Cross-check affected assets against both the CVE text and the Siemens CSAF product tree before scheduling remediation.
  • Use the official Siemens ProductCERT advisory SSA-770770 and CISA ICSA-25-044-06 to confirm the correct fix and affected versions.
  • Validate whether any API users rely on api-key plus certificate authentication and review certificate validation logic and access control.
  • Apply vendor-recommended updates or mitigations only after confirming the correct product mapping; do not rely on the conflicting remediation text without verification.
  • Review authentication logs for unexpected API login activity and investigate any successful logins that used invalid or expired certificates.
  • Update vulnerability-management records to reflect the source-data conflict so follow-up remediation targets the correct platform.

Evidence notes

Published date used for timing context: 2025-02-11. The source item was later republished/updated on 2026-03-12, with a note that the update was based on Siemens ProductCERT advisory SSA-770770. The corpus conflicts in multiple places: the CVE description names Fortinet FortiOS/FortiProxy versions, the CSAF advisory and affected product tree list Siemens RUGGEDCOM APE1808, and the remediation field references Fortigate NGFW V7.4.7. Because of these inconsistencies, the safest interpretation is that the record must be verified directly against the official vendor references before operational use.
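
The cross-check described above, as an added example (not PatchSiren's or Siemens' code): it walks a CSAF 2.0 product tree and flags summary or remediation text that names no vendor or product from that tree. The embedded document is a constructed fragment mirroring the conflict noted here; the product ID `CSAFPID-0001`, the note wording and the function names are assumptions.

```python
import json

# Constructed CSAF 2.0 fragment mirroring the conflict this page describes;
# the product ID and the wording are placeholders, not copied from SSA-770770.
SAMPLE_CSAF = json.loads("""
{
  "product_tree": {"branches": [
    {"category": "vendor", "name": "Siemens", "branches": [
      {"category": "product_name", "name": "RUGGEDCOM APE1808",
       "product": {"product_id": "CSAFPID-0001", "name": "RUGGEDCOM APE1808"}}
    ]}
  ]},
  "vulnerabilities": [{
    "cve": "CVE-2024-52965",
    "notes": [{"category": "summary",
               "text": "Constructed summary: affects Fortinet FortiOS and FortiProxy."}],
    "remediations": [{"category": "vendor_fix",
                      "details": "Constructed fix text: update Fortigate NGFW to V7.4.7.",
                      "product_ids": ["CSAFPID-0001"]}]
  }]
}
""")

def tree_names(branches, category):
    """Collect branch names of one category from a nested CSAF product tree."""
    found = set()
    for branch in branches:
        if branch.get("category") == category:
            found.add(branch["name"])
        found |= tree_names(branch.get("branches", []), category)
    return found

def mapping_conflicts(csaf):
    """Return (cve, field) pairs whose text names no vendor/product from the tree."""
    branches = csaf.get("product_tree", {}).get("branches", [])
    names = tree_names(branches, "vendor") | tree_names(branches, "product_name")
    needles = [n.lower() for n in names]
    conflicts = []
    for vuln in csaf.get("vulnerabilities", []):
        texts = [("summary", n["text"]) for n in vuln.get("notes", [])
                 if n.get("category") == "summary"]
        texts += [("remediation", r["details"]) for r in vuln.get("remediations", [])]
        for field, text in texts:
            # An empty tree gives no needles, so every field is flagged (fail closed).
            if not any(n in text.lower() for n in needles):
                conflicts.append((vuln.get("cve"), field))
    return conflicts

if __name__ == "__main__":
    print(mapping_conflicts(SAMPLE_CSAF))
```

A flagged field only means the text and the product tree disagree on naming; it is a prompt for the manual verification against the vendor references, not a verdict on which product is affected.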

Official resources

Publicly disclosed by CISA on 2025-02-11. The supplied advisory was later republished/updated on 2026-03-12. Because the corpus contains conflicting vendor and product information, the disclosure should be treated as requiring cross-checks,