PatchSiren

CVE-2024-56835 Siemens CVE debrief

CVE-2024-56835 is a high-severity code-injection vulnerability in the DHCP Server configuration file of Siemens RUGGEDCOM ROX II family products. According to the advisory, an attacker could leverage the flaw to spawn a reverse shell and gain root access on the affected system. Siemens and CISA list a vendor fix: update to V2.17.0 or later.

Vendor: Siemens
Product: RUGGEDCOM ROX II family
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-09
Original CVE updated: 2025-12-09
Advisory published: 2025-12-09
Advisory updated: 2025-12-09

Who should care

OT/ICS operators using Siemens RUGGEDCOM ROX II family devices, plant and infrastructure defenders, and teams responsible for asset management, patching, and network segmentation in industrial environments.

Technical summary

The advisory describes code injection in the DHCP Server configuration file on affected Siemens RUGGEDCOM ROX II family products. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, scoring 8.8 (High), indicating a network-reachable issue that requires low privileges and can have full confidentiality, integrity, and availability impact. The stated consequence is reverse-shell execution leading to root access.

Defensive priority

High

Recommended defensive actions

  • Update affected Siemens RUGGEDCOM ROX II family devices to V2.17.0 or later.
  • Review whether any affected devices are reachable from untrusted networks and tighten segmentation and access controls.
  • Monitor affected systems for unexpected changes to DHCP configuration files or other signs of tampering.
  • Validate device integrity and configuration after patching, especially in operational environments where availability is critical.
  • Follow CISA ICS recommended practices and Siemens vendor guidance for deployment, testing, and recovery planning.

Evidence notes

All core claims come from the supplied CISA CSAF advisory metadata and referenced Siemens advisory materials. The source describes code injection in the DHCP Server configuration file and states an attacker could spawn a reverse shell and gain root access. The supplied metadata also lists a CVSS 3.1 score of 8.8 with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and a remediation to update to V2.17.0 or later. Supplied publishedAt and modifiedAt are both 2025-12-09.

Official resources

Public advisory from CISA with Siemens vendor remediation guidance; no exploit code included.