PatchSiren cyber security CVE debrief
CVE-2024-5911 Siemens CVE debrief
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2024-12-10
- Advisory published: 2024-04-09
- Advisory updated: 2024-12-10
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 industrial networking equipment with Palo Alto Networks Virtual NGFW deployments, particularly those with administrative web interfaces exposed to network access. Security teams responsible for industrial control system (ICS) infrastructure, network administrators managing Panorama instances, and compliance officers overseeing critical infrastructure protection should prioritize assessment and remediation.
Technical summary
CVE-2024-5911 is an arbitrary file upload vulnerability in Palo Alto Networks Panorama software. An authenticated read-write administrator with web interface access can exploit this flaw to upload malicious files, disrupting system processes and causing the Panorama to crash. Repeated exploitation leads to maintenance mode, requiring manual intervention to restore service. The vulnerability has a CVSS 3.1 score of 7.2 (HIGH severity) with the vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C, indicating network accessibility, low attack complexity, high privilege requirements, and high impacts across confidentiality, integrity, and availability. The vulnerability was disclosed on 2024-04-09 and affects Siemens RUGGEDCOM APE1808 deployments utilizing Palo Alto Networks Virtual NGFW. Remediation involves upgrading to Palo Alto Networks Virtual NGFW V11.0.1 and contacting Siemens customer support for patch information.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to Palo Alto Networks Virtual NGFW V11.0.1. Contact Siemens customer support to receive patch and update information.
- Review and apply ICS-CERT recommended practices for defense-in-depth strategies.
- Implement network segmentation to limit administrative access to the Panorama web interface.
- Monitor for repeated system crashes or maintenance mode entries that may indicate exploitation attempts.
- Ensure administrative accounts follow the principle of least privilege, limiting read-write access where possible.
Evidence notes
The source advisory (ICSA-24-102-03) was initially published on 2024-04-09, modified on 2024-08-13 to add CVE-2024-5911, and modified again on 2024-12-10 to add CVE-2024-5917. The CVE description refers to a vulnerability in Palo Alto Networks Panorama software, though the advisory context indicates this affects Siemens RUGGEDCOM APE1808. The CVSS 3.1 vector indicates network attack vector, low attack complexity, high privileges required, no user interaction, and high impacts to confidentiality, integrity, and availability.
Official resources
- CVE-2024-5911 CVE record (CVE.org)
- CVE-2024-5911 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09