PatchSiren cyber security CVE debrief

CVE-2024-5916 Siemens CVE debrief

CVE-2024-5916 is an information exposure vulnerability in Palo Alto Networks PAN-OS software that was disclosed on April 9, 2024, and last modified on May 13, 2025. The vulnerability enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems: a read-only administrator with access to the configuration log can read these sensitive credentials. It affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW, as documented in CISA advisory ICSA-24-102-04. The CVSS 3.1 score of 4.4 (MEDIUM) reflects a local attack vector, low attack complexity, high privileges required, and high confidentiality impact with no integrity or availability impact. Siemens published remediation guidance in SSA-455250; the fix is an upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3, and customers must contact support for patch details. The advisory was updated multiple times through May 2025 to incorporate additional upstream vulnerabilities.

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: MEDIUM 4.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2025-05-13
Advisory published: 2024-04-09
Advisory updated: 2025-05-13

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly those with read-only administrative accounts that have configuration log access. Industrial control system operators and OT security teams should prioritize this vulnerability due to potential credential exposure for external systems.

Technical summary

CVE-2024-5916 is an information exposure vulnerability in Palo Alto Networks PAN-OS software with a CVSS 3.1 score of 4.4 (MEDIUM). The vulnerability allows a read-only administrator with access to configuration logs to read secrets, passwords, and tokens for external systems. The attack requires local access and high privileges. The vulnerability affects Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. Remediation requires upgrading to Virtual NGFW V11.1.2-h3, with patches available through customer support.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to version V11.1.2-h3 on affected Siemens RUGGEDCOM APE1808 devices; contact Siemens or Palo Alto Networks customer support to obtain patch and update information
  • Review and restrict read-only administrator access to configuration logs containing external system credentials
  • Audit configuration logs for unauthorized access to secrets, passwords, and tokens
  • Apply defense-in-depth practices for industrial control systems per CISA guidance
  • Monitor for anomalous access patterns to configuration logs by read-only administrative accounts

Evidence notes

The CVE description and CISA CSAF source (ICSA-24-102-04) establish that this vulnerability exists in Palo Alto Networks PAN-OS software but affects Siemens RUGGEDCOM APE1808 when configured with Palo Alto Networks Virtual NGFW. The revision history shows CVE-2024-5916 was added in version 1.3 on September 10, 2024. The CVSS vector (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C) confirms local attack vector with high privileges required. Remediation details specify upgrade to Virtual NGFW V11.1.2-h3 with customer support contact required for patch access.
