PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-5920 Siemens CVE debrief

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser.

Vendor
Siemens
Product
RUGGEDCOM APE1808
CVSS
LOW 2.4
CISA KEV
Not listed in stored evidence
Original CVE published
2024-07-09
Original CVE updated
2026-01-14
Advisory published
2024-07-09
Advisory updated
2026-01-14

Who should care

Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly those using Panorama for centralized management, and OT security teams managing industrial control system networks with RADIUS authentication infrastructure.

Technical summary

A stored cross-site scripting vulnerability exists in Palo Alto Networks PAN-OS software. An authenticated read-write Panorama administrator can push a specially crafted configuration to a PAN-OS node. When a legitimate PAN-OS administrator subsequently accesses the affected interface, JavaScript executes in their browser, enabling impersonation of that administrator and performing restricted actions on the PAN-OS node. Because the vulnerability requires high privileges and user interaction, it carries a LOW severity CVSS 3.1 score of 2.4.

Defensive priority

LOW

Recommended defensive actions

  • Upgrade Palo Alto Networks Virtual NGFW to V11.1.4-h1; contact customer support to receive patch and update information
  • Configure the RADIUS server to require the presence of a Message-Authenticator attribute in all Access-Request packets from RADIUS client devices that support it
  • Restrict access to networks where RADIUS messages are exchanged (e.g., send RADIUS traffic via the management network or a dedicated VLAN)
  • Configure the in-use SSH profile to contain at least one cipher and at least one MAC algorithm, which removes support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms available in PAN-OS software; see Palo Alto's upstream documentation for additional guidance
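The second bullet above asks the RADIUS server to require a Message-Authenticator attribute in every Access-Request. The following Python script, added here as an illustration and not code from PatchSiren, Siemens or Palo Alto Networks, shows what that check means on the wire: it parses a RADIUS Access-Request (RFC 2865 framing), looks for attribute type 80 (Message-Authenticator, RFC 2869), and verifies the HMAC-MD5 over the packet with that attribute zeroed. The packet, the shared secret and the user name are constructed sample values; the builder is included only so the check can be exercised offline.

```python
import hashlib
import hmac
import struct

# RADIUS constants from RFC 2865 / RFC 2869
ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def parse_attributes(payload):
    """Split the attribute region into (type, value_offset, value) triples.

    Offsets are relative to the start of the attribute region so the caller
    can locate a value inside the full packet.
    """
    attrs = []
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError("bad attribute length")
        attrs.append((atype, i + 2, payload[i + 2:i + alen]))
        i += alen
    return attrs


def build_access_request(identifier, authenticator, attributes, secret=None):
    """Build an Access-Request; when a secret is given, append a valid
    Message-Authenticator (HMAC-MD5 over the packet with the MA value zeroed).
    Constructed helper, used here only to produce test input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attributes)
    if secret is not None:
        body += bytes([ATTR_MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16
    length = HEADER_LEN + len(body)
    packet = struct.pack("!BBH", ACCESS_REQUEST, identifier, length) + authenticator + body
    if secret is not None:
        mac = hmac.new(secret, packet, hashlib.md5).digest()
        packet = packet[:-16] + mac  # MA is the last attribute, so overwrite its value
    return packet


def check_message_authenticator(packet, secret):
    """Return (present, valid) for the Message-Authenticator of an Access-Request."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs = parse_attributes(packet[HEADER_LEN:])
    found = [(off, val) for t, off, val in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not found:
        return (False, False)
    off, value = found[0]
    if len(value) != 16:
        return (True, False)
    abs_off = HEADER_LEN + off
    zeroed = packet[:abs_off] + b"\x00" * 16 + packet[abs_off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return (True, hmac.compare_digest(expected, value))


def accept_access_request(packet, secret, require_message_authenticator=True):
    """Server-side policy: with the attribute required (the recommended setting),
    a request is accepted only if the MA is present and verifies. With it
    optional, an absent MA is tolerated but a present-and-wrong MA is still
    rejected."""
    present, valid = check_message_authenticator(packet, secret)
    if present:
        return valid
    return not require_message_authenticator


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"          # constructed sample value
    AUTHENTICATOR = bytes(range(16))               # constructed, not random
    ATTRS = [(ATTR_USER_NAME, b"plc-operator")]     # constructed user name

    signed = build_access_request(7, AUTHENTICATOR, ATTRS, SECRET)
    unsigned = build_access_request(7, AUTHENTICATOR, ATTRS)
    print("signed   :", check_message_authenticator(signed, SECRET))
    print("unsigned :", check_message_authenticator(unsigned, SECRET))
    print("accept unsigned with MA required:", accept_access_request(unsigned, SECRET))
```

Run stand-alone, the script prints `(True, True)` for the signed request and `(False, False)` for the unsigned one, and rejects the unsigned request under the required-MA policy. The policy toggle mirrors the advisory's wording: requiring the attribute is only safe once every RADIUS client that talks to the server sends it, which is why the bullet scopes the setting to "client devices that support it".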

Evidence notes

CVE published 2024-07-09; CISA CSAF advisory ICSA-24-193-11 published the same date. Advisory revised multiple times through 2026-01-14 to add related CVEs and republish Siemens ProductCERT SSA-364175. CVSS 3.1 score 2.4 (LOW).

Official resources

2024-07-09