Publication Date:
Last Update:
Current Version: V1.4
CVSS v3.1 Base Score: 10.0
CVSS v4.0 Base Score: 9.3
Un-/Collapse All
Affected Product and Versions Remediation
Expand children
  • CVE-2024-0012: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2024-3393: For upstream mitigation measures, refer to Palo Alto Networks' Security Advisory
  • CVE-2024-9474: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2025-0108: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2025-0109: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2025-0110: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2025-0111: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2025-0115: Exposure can be reduced by limiting access to the management interface to trusted internal IP addresses as described in Palo Alto Networks' Security Advisory
  • CVE-2025-0124: Exposure can be reduced by restricting access to a jump box that is the only system allowed to access the management interface. This ensures that attacks can succeed only if they obtain privileged access through those specified internal IP addresses Palo Alto Networks' Security Advisory
  • CVE-2025-0125: Exposure can be reduced by restricting access to a jump box that is the only system allowed to access the management interface. This will ensure that attacks can succeed only if they obtain privileged access through those specified IP addresses Palo Alto Networks' Security Advisory

Product-specific remediations or mitigations can be found in the section Affected Products and Solution.
Please follow the General Security Recommendations.

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

CVSS v3.1 Base Score 10.0
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score 9.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
CWE CWE-306: Missing Authentication for Critical Function
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-476: NULL Pointer Dereference
CVSS v3.1 Base Score 6.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0 Base Score 6.8
CVSS v4.0 Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
CWE CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS v3.1 Base Score 4.9
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0 Base Score 6.9
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS v3.1 Base Score 8.2
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS v4.0 Base Score 8.8
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CWE CWE-306: Missing Authentication for Critical Function
CVSS v3.1 Base Score 5.3
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0 Base Score 6.9
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CWE CWE-73: External Control of File Name or Path
CVSS v3.1 Base Score 7.2
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score 8.6
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS v3.1 Base Score 6.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0 Base Score 7.1
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE CWE-73: External Control of File Name or Path
CVSS v3.1 Base Score 5.5
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0 Base Score 6.8
CVSS v4.0 Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CWE CWE-41: Improper Resolution of Path Equivalence
CVSS v3.1 Base Score 5.7
CVSS v3.1 Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 6.8
CVSS v4.0 Vector CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-754: Improper Check for Unusual or Exceptional Conditions
CVSS v3.1 Base Score 6.0
CVSS v3.1 Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CVSS v4.0 Base Score 5.9
CVSS v4.0 Vector CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
CWE CWE-312: Cleartext Storage of Sensitive Information
CVSS v3.1 Base Score 3.8
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CVSS v4.0 Base Score 5.1
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CWE CWE-73: External Control of File Name or Path
CVSS v3.1 Base Score 5.2
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
CVSS v4.0 Base Score 6.9
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
CWE CWE-83: Improper Neutralization of Script in Attributes in a Web Page
CVSS v3.1 Base Score 9.6
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:H
CVSS v4.0 Base Score 8.3
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:H/SI:N/SA:N
CWE CWE-384: Session Fixation
CVSS v3.1 Base Score 7.5
CVSS v3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score 8.7
CVSS v4.0 Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE CWE-754: Improper Check for Unusual or Exceptional Conditions

Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications [1]. PANW provides a public RSS feed for their security alerts to which customers can also subscribe [2].

[1] https://security.paloaltonetworks.com

[2] https://security.paloaltonetworks.com/rss.xml

https://www.siemens.com/cert/advisories
V1.0 (2024-11-22): Publication Date
V1.1 (2025-02-11): Added CVE-2024-3393 that affects RUGGEDCOM APE1808 devices with Palo Alto Networks Virtual NGFW with DNS Security logging enabled either with a DNS Security License or an Advanced DNS Security License
V1.2 (2025-02-19): Added CVE-2025-0108, CVE-2025-0109, CVE-2025-0110 and CVE-2025-0111
V1.3 (2025-04-08): Added CVE-2025-0115 and CVE-2025-0116. Updated remediation for RUGGEDCOM APE1808
V1.4 (2025-05-13): Added CVE-2025-0123, CVE-2025-0124, CVE-2025-0125, CVE-2025-0126 and CVE-2025-0128