CVE-2024-47901 (CVSS 10): Critical Security Flaw in Siemens InterMesh
Siemens has issued a security advisory addressing multiple vulnerabilities in its InterMesh wireless alarm reporting system. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges on affected devices.
InterMesh is utilized in critical infrastructure and industrial settings for fast and reliable alarm signal delivery. The vulnerabilities stem from inadequate input sanitization and authentication within the web server of InterMesh Subscriber devices.
The most critical vulnerability identified is CVE-2024-47901, which carries a CVSSv4 score of 10.0—the highest possible severity rating. According to Siemens, “The web server of affected devices does not sanitize the input parameters in specific GET requests that allow for code execution on operating system level.” This vulnerability allows an unauthenticated remote attacker to execute arbitrary code with root privileges, posing a significant threat to system integrity.
This vulnerability, when combined with three others—CVE-2024-47902, CVE-2024-47903, and CVE-2024-47904—further increases the risk. Siemens highlights the interconnected nature of these flaws, stating that together, they “could allow an unauthenticated remote attacker to execute arbitrary code with root privileges.”
The secondary vulnerabilities are also concerning:
- CVE-2024-47902 (CVSSv4 6.9) allows for unauthenticated execution of specific commands (such as ping) on the operating system level.
- CVE-2024-47903 (CVSSv4 6.9) enables attackers to write arbitrary files to the web server’s DocumentRoot directory.
- CVE-2024-47904 (CVSSv4 8.5) exploits a SUID binary, allowing authenticated local attackers to execute arbitrary commands with root privileges.
The affected products include:
- InterMesh 7177 Hybrid 2.0 Subscriber: All versions < V8.2.12
- InterMesh 7707 Fire Subscriber: All versions < V7.2.12 (only if the IP interface is enabled)
Siemens has provided immediate remediation steps, advising users to update the affected InterMesh devices to the latest versions:
- InterMesh 7177 Hybrid 2.0 Subscriber: Update to version V8.2.12 or later.
- InterMesh 7707 Fire Subscriber: Update to version V7.2.12 or later, or alternatively, disable the IP interface to mitigate risk.
In addition to updating, Siemens advises users to restrict access to the InterMesh network to trusted systems and personnel only.
Given the severity of these vulnerabilities, particularly CVE-2024-47901, Siemens is urging users to update their systems immediately. Failure to do so could leave systems vulnerable to attacks that could result in complete system compromise.
Related Posts:
- ServiceNow Security Alert: Critical Vulnerabilities Expose Businesses to RCE and Data Breaches
- CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available
- Critical Vulnerabilities Discovered in Siemens SINEC Security Monitor
- Researchers found security flaws in Siemens devices