PatchSiren cyber security CVE debrief
CVE-2024-9468 Siemens CVE debrief
A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS via a crafted packet through the data plane, resulting in a denial of service (DoS) condition. Repeated exploitation attempts cause PAN-OS to enter maintenance mode. This vulnerability affects the Palo Alto Networks Virtual NGFW deployed on Siemens RUGGEDCOM APE1808 devices. The issue was published on July 9, 2024, and subsequently added to the CISA ICS advisory on November 12, 2024. A vendor fix is available requiring upgrade to Palo Alto Networks Virtual NGFW V11.1.4-h1.
- Vendor
- Siemens
- Product
- RUGGEDCOM APE1808
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-09
- Original CVE updated
- 2026-01-14
- Advisory published
- 2024-07-09
- Advisory updated
- 2026-01-14
Who should care
Organizations operating Siemens RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW deployments, particularly in industrial control system (ICS) and operational technology (OT) environments where network availability is critical. Security teams responsible for firewall infrastructure, network administrators managing PAN-OS instances, and OT security practitioners should prioritize this vulnerability due to its potential to cause sustained denial of service through maintenance mode activation.
Technical summary
CVE-2024-9468 is a memory corruption vulnerability in Palo Alto Networks PAN-OS software with a CVSS 3.1 score of 5.9 (MEDIUM). The vulnerability allows an unauthenticated remote attacker to crash PAN-OS by sending a crafted packet through the data plane. Successful exploitation results in a denial of service condition; repeated attempts trigger PAN-OS to enter maintenance mode. The attack vector is network-based with high attack complexity, requiring no privileges or user interaction. The vulnerability specifically affects availability with no impact to confidentiality or integrity. This issue impacts Palo Alto Networks Virtual NGFW running on Siemens RUGGEDCOM APE1808 industrial devices. Remediation requires upgrading to Virtual NGFW V11.1.4-h1.
Defensive priority
medium
Recommended defensive actions
- Upgrade Palo Alto Networks Virtual NGFW to version V11.1.4-h1 by contacting customer support for patch and update information
- Configure in-use SSH profile to contain at least one cipher and at least one MAC algorithm to remove support for CHACHA20-POLY1305 and all Encrypt-then-MAC algorithms
- Configure RADIUS server to require Message-Authenticator attribute in all Access-Request packets from supporting RADIUS client devices
- Restrict network access for RADIUS message exchange to management networks or dedicated VLANs
- Monitor PAN-OS systems for unexpected crashes or maintenance mode entry that may indicate exploitation attempts
- Apply defense-in-depth strategies for industrial control systems per CISA recommended practices
Evidence notes
CVE description and remediation details sourced from CISA CSAF advisory ICSA-24-193-11, which republishes Siemens ProductCERT SSA-364175. CVSS 3.1 score of 5.9 (MEDIUM) with Attack Vector: Network, Attack Complexity: High, Privileges Required: None, User Interaction: None, Scope: Unchanged, Confidentiality: None, Integrity: None, Availability: High.
Official resources
-
CVE-2024-9468 CVE record
CVE.org
-
CVE-2024-9468 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
public