PatchSiren cyber security CVE debrief
CVE-2024-5919 Siemens CVE debrief
A blind XML External Entities (XXE) injection vulnerability in Palo Alto Networks PAN-OS software enables authenticated attackers to exfiltrate arbitrary files from firewalls to attacker-controlled servers. This vulnerability requires network access to the firewall management interface. The vulnerability affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. The issue was first published on April 9, 2024, with the most recent advisory update on May 13, 2025, which added the newly published upstream vulnerability CVE-2025-0127. A vendor fix is available and requires upgrading to Palo Alto Networks Virtual NGFW V11.1.2-h3; customers must contact customer support to receive patch and update information.
- Vendor: Siemens
- Product: RUGGEDCOM APE1808
- CVSS: LOW 3.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-04-09
- Original CVE updated: 2025-05-13
- Advisory published: 2024-04-09
- Advisory updated: 2025-05-13
Who should care
- Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly in industrial control system environments
- Security teams responsible for firewall management and network segmentation in critical infrastructure sectors
- Administrators with responsibility for firewall configuration and patch management
- Organizations subject to regulatory requirements for industrial control system security
Technical summary
This vulnerability is a blind XML External Entities (XXE) injection flaw in Palo Alto Networks PAN-OS software. The vulnerability allows an authenticated attacker with network access to the firewall management interface to exfiltrate arbitrary files from the firewall to an attacker-controlled server. The attack is blind, meaning the attacker does not receive direct responses in-band but can still achieve data exfiltration through out-of-band techniques. The CVSS 3.1 vector indicates network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, low confidentiality and integrity impact, and no availability impact. The vulnerability specifically affects Siemens RUGGEDCOM APE1808 devices when configured with Palo Alto Networks Virtual NGFW. Remediation requires upgrading to Virtual NGFW V11.1.2-h3, with patch availability managed through customer support channels.
Defensive priority
medium
Recommended defensive actions
- Contact Palo Alto Networks customer support to obtain patch and update information for Virtual NGFW V11.1.2-h3
- Upgrade affected Siemens RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW to the fixed version
- Restrict network access to firewall management interfaces to authorized administrative hosts only
- Monitor for unauthorized access attempts to firewall management interfaces
- Review file access logs on firewalls for indicators of unauthorized file exfiltration
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-102-04. Vendor fix specifies upgrade to Palo Alto Networks Virtual NGFW V11.1.2-h3 with customer support contact required for patch delivery. Advisory revision history confirms CVE-2024-5919 was added in version 1.5 on December 10, 2024.
Official resources
- CVE-2024-5919 CVE record (CVE.org)
- CVE-2024-5919 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-04-09