PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-56840 Siemens CVE debrief

CVE-2024-56840 is a vulnerability in the Siemens RUGGEDCOM ROX II family in which IPsec may, under certain conditions, allow code injection on the affected device. According to the advisory, an attacker could leverage this to execute arbitrary code as root. CISA’s CSAF entry rates the issue as high severity with a CVSS 3.1 score of 7.2, and Siemens provides a fixed version: V2.17.0 or later.

Vendor: Siemens
Product: RUGGEDCOM ROX II family
CVSS: HIGH 7.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-09
Original CVE updated: 2025-12-09
Advisory published: 2025-12-09
Advisory updated: 2025-12-09

Who should care

Organizations operating Siemens RUGGEDCOM ROX II devices, especially OT/industrial networking teams, should care. This is most relevant to defenders managing IPsec-enabled deployments, remote access paths, or perimeter devices where unauthorized code execution could affect availability, integrity, or control-plane trust.

Technical summary

The supplied advisory describes an IPsec-related code injection condition in the Siemens RUGGEDCOM ROX II family. The CVSS vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates the issue is network-reachable, requires high privileges, and does not need user interaction. If successfully exploited, the impact can extend to full confidentiality, integrity, and availability compromise, including root-level arbitrary code execution.

Defensive priority

High. The combination of network reachability, root-level code execution potential, and OT device exposure makes timely remediation important, even though exploitation requires high privileges.

Recommended defensive actions

  • Update Siemens RUGGEDCOM ROX II devices to V2.17.0 or later, per the vendor remediation.
  • Identify all IPsec-enabled RUGGEDCOM ROX II assets and verify whether they are exposed to trusted or semi-trusted administrative paths.
  • Restrict and monitor privileged access to affected devices, since the CVSS vector requires high privileges.
  • Review OT segmentation and management-plane access controls around affected devices to reduce the chance of misuse.
  • Use vendor and CISA guidance to validate remediation status and track any follow-on advisories.

Evidence notes

All claims are drawn from the supplied CISA CSAF source item and its referenced Siemens advisory. The source description states: “Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.” The supplied metadata lists CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, score 7.2, severity HIGH, and the remediation “Update to V2.17.0 or later version.” Timing context uses the supplied CVE/source published and modified dates of 2025-12-09.

Official resources

Public advisory published on 2025-12-09 per the supplied CVE/source timeline. Siemens remediation is available; no KEV listing is indicated in the supplied data.