PatchSiren cyber security CVE debrief
CVE-2024-55599 Siemens CVE debrief
CVE-2024-55599 is listed in CISA’s republication of Siemens ProductCERT advisory SSA-864900 / ICSA-25-135-01 for Siemens RUGGEDCOM APE1808. The supplied record describes a network-exploitable, unauthenticated issue with CVSS 5.3 and CWE-358, but the same corpus also contains FortiOS/FortiProxy wording and a Fortigate remediation note that do not align with the Siemens product metadata. Treat the product/remediation details as needing validation against the linked Siemens advisory before actioning any fix path.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-13
- Original CVE updated
- 2026-02-12
- Advisory published
- 2025-05-13
- Advisory updated
- 2026-02-12
Who should care
Siemens RUGGEDCOM APE1808 owners and operators, OT/ICS security teams, network defenders responsible for DNS filtering controls, and asset managers who need to validate whether the advisory applies to their environment.
Technical summary
The CISA CSAF record shows CVE-2024-55599 as part of ICSA-25-135-01 for Siemens RUGGEDCOM APE1808. The supplied vulnerability description characterizes it as an Improperly Implemented Security Check for Standard (CWE-358) that may allow a remote unauthenticated user to bypass DNS filtering via Apple devices, with CVSS 3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U (5.3). The revision history is important: the advisory was published on 2025-05-13, CVE-2024-55599 was added in a later revision dated 2025-08-12, and the CISA republication was updated again on 2026-02-12. The corpus also includes conflicting FortiOS/FortiProxy and Fortigate references, so the exact affected product and fix should be confirmed from the Siemens-linked advisory.
Defensive priority
Medium, with elevated validation priority because the supplied corpus contains conflicting product and remediation data.
Recommended defensive actions
- Validate whether CVE-2024-55599 applies to your Siemens RUGGEDCOM APE1808 inventory by reviewing the linked Siemens ProductCERT advisory and CISA CSAF record.
- Do not apply the Fortigate NGFW remediation note in the corpus to Siemens assets without confirmation; the remediation text appears inconsistent with the product metadata.
- Track the advisory revision history for updates, since this CVE was added after the initial publication and the record was republished later.
- Restrict and monitor access to DNS filtering-dependent paths and review any Apple-device traffic assumptions in affected environments.
- Use the vendor-authoritative Siemens guidance for any firmware or configuration update path once the affected scope is confirmed.
Evidence notes
Source metadata ties the advisory to Siemens RUGGEDCOM APE1808 and CISA advisory ICSA-25-135-01, with publication on 2025-05-13. The revision history shows CVE-2024-55599 was added on 2025-08-12 and the record was republished on 2026-02-12. The supplied description states CWE-358, unauthenticated remote bypass of DNS filtering via Apple devices, but the corpus also includes FortiOS/FortiProxy language and a Fortigate remediation note, creating a clear internal inconsistency that should be resolved against the official Siemens advisory before remediation.
Official resources
-
CVE-2024-55599 CVE record
CVE.org
-
CVE-2024-55599 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Public advisory republished by CISA from Siemens ProductCERT; no KEV listing is present in the supplied data. The CVE was added after the initial advisory publication and later republished again, so revision history matters for timing and,e