Friday, April 19, 2024

Siemens Publishes Out-of-Zone Advisory – 4-19-24

Today, ten days after the publication of their monthly tranche of security advisories and updates, Siemens published a control system security advisory that discusses a command injection vulnerability in their RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW. This is a third-party (Palo Alto Networks) vulnerability that is listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

Siemens recommends that users disable the GlobalProtect gateway and GlobalProtect portal. They report that that these features are disabled by default in RUGGEDCOM APE1808 deployments. They also recommend that users follow the recommendations in the Palo Alto Networks advisory. There is no mention that the owners of affected Palo Alto Networks products have seen this vulnerability widely exploited.

No comments:

/* Use this with templates/template-twocol.html */