PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-5918 Siemens CVE debrief

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you 'Allow Authentication with User Credentials OR Client Certificate.'

Vendor: Siemens
Product: RUGGEDCOM APE1808
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2025-05-13
Advisory published: 2024-04-09
Advisory updated: 2025-05-13

Who should care

Organizations using Siemens RUGGEDCOM APE1808 with Palo Alto Networks Virtual NGFW, particularly those with GlobalProtect deployments using client certificate authentication. Industrial control system operators should prioritize this fix given the critical infrastructure context.

Technical summary

CVE-2024-5918 is an improper certificate validation vulnerability in Palo Alto Networks PAN-OS software. When GlobalProtect is configured to 'Allow Authentication with User Credentials OR Client Certificate,' an authorized attacker can use a specially crafted client certificate to authenticate as a different legitimate user. This affects Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. The vulnerability has a CVSS 3.1 score of 7.4 (HIGH). A vendor fix is available by upgrading to Palo Alto Networks Virtual NGFW V11.1.2-h3.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to V11.1.2-h3. Contact customer support to receive patch and update information.
  • Review GlobalProtect authentication configuration and disable 'Allow Authentication with User Credentials OR Client Certificate' if not required.
  • Validate client certificate authentication implementations to ensure proper certificate chain validation and subject verification.
  • Monitor GlobalProtect portal and gateway logs for anomalous authentication patterns or certificate-based access attempts.
  • Apply defense-in-depth controls for industrial control systems per CISA recommended practices.
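The monitoring action above boils down to one correlation: a successful client-certificate login whose certificate identity does not match the user it was mapped to, or one certificate being used to log in as several users. The following is an added example written for this debrief, not code from PatchSiren, Siemens or Palo Alto Networks; it runs over constructed, simplified records whose field names (user, auth, cert_cn, src, result) are assumptions, not the real PAN-OS GlobalProtect log schema, so adapt the parser to your exported log format.

```python
import re

# Constructed sample records in a simplified key=value form (NOT the real PAN-OS format).
# Record 3 is the pattern this CVE enables: a cert issued to alice mapped to user bob.
SAMPLE_LOGS = [
    "2024-04-10T08:01:02Z portal=gp-portal user=alice auth=client-cert cert_cn=alice src=10.0.0.5 result=success",
    "2024-04-10T08:03:11Z portal=gp-portal user=bob auth=client-cert cert_cn=bob src=10.0.0.7 result=success",
    "2024-04-10T08:05:40Z portal=gp-portal user=bob auth=client-cert cert_cn=alice src=10.0.0.9 result=success",
    "2024-04-10T08:06:02Z portal=gp-portal user=carol auth=password src=10.0.0.11 result=success",
    "2024-04-10T08:07:19Z portal=gp-portal user=dave auth=client-cert cert_cn=dave src=10.0.0.13 result=failure",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line: str) -> dict:
    """Turn one key=value record into a dict (the timestamp has no '=' and is ignored)."""
    return dict(KV_RE.findall(line))


def find_suspicious(lines) -> list:
    """Flag successful client-cert logins where the cert identity and mapped user disagree,
    and certificates that ended up mapped to more than one distinct user."""
    findings = []
    users_per_cert = {}  # cert_cn -> set of usernames it authenticated as
    for line in lines:
        rec = parse(line)
        # Only successful certificate-based logins are relevant to this weakness.
        if rec.get("auth") != "client-cert" or rec.get("result") != "success":
            continue
        user, cn = rec.get("user"), rec.get("cert_cn")
        if user != cn:
            findings.append(("cn_mismatch", user, cn, rec.get("src")))
        users_per_cert.setdefault(cn, set()).add(user)
    for cn, users in users_per_cert.items():
        if len(users) > 1:
            findings.append(("cert_reused_for_multiple_users", cn, sorted(users)))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOGS):
        print(finding)
```

In a real deployment the comparison should use whatever certificate field the portal's certificate profile maps to the username (the subject CN or a SAN), so that the check mirrors the mapping the gateway itself performs.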

Evidence notes

CVE published 2024-04-09; modified 2025-05-13. CISA CSAF advisory ICSA-24-102-04 tracks this vulnerability for Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. The advisory was updated on 2024-12-10 to add CVE-2024-5918 as a newly published upstream vulnerability.
