Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Published: 23/11/2024   Category: security




Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.



Siemens is urging organizations using its Ruggedcom APE1808 devices configured with Palo Alto Networks (PAN) Virtual NGFW to implement workarounds for a maximum severity zero-day bug that PAN recently disclosed in its next-gen firewall product.
The command injection vulnerability, identified as CVE-2024-3400, affects multiple versions of PAN-OS firewalls when the GlobalProtect gateway or portal feature is enabled on them. An attacker has been exploiting the flaw to deploy a novel Python backdoor on affected firewalls.
PAN patched the flaw after researchers from Volexity discovered the vulnerability and reported it to the security vendor earlier this month. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-3400 to its catalog of known exploited vulnerabilities following reports of multiple groups attacking the flaw.
Palo Alto Networks itself has said it is aware of a growing number of attacks leveraging CVE-2024-3400 and has warned that proof-of-concept code for the flaw is publicly available.
According to Siemens, its Ruggedcom APE1808 product, commonly deployed as an edge device in industrial control environments, is vulnerable to the issue. Siemens described all versions of the product with PAN Virtual NGFW configured with the GlobalProtect gateway or GlobalProtect portal, or both, as affected by the vulnerability.
In an advisory, Siemens said it is working on updates for the bug and recommended specific countermeasures that customers should take in the meantime to mitigate risk. The measures include applying the specific threat IDs (threat prevention signatures) that PAN has released to block attacks targeting the vulnerability. Siemens' advisory pointed to PAN's recommendation to disable the GlobalProtect gateway and GlobalProtect portal, and reminded customers that both features are disabled by default in Ruggedcom APE1808 deployment environments.
PAN initially also recommended that organizations disable device telemetry to protect against attacks targeting the flaw. The security vendor later withdrew that advice as ineffective: device telemetry does not need to be enabled for a PAN-OS firewall to be exposed to this vulnerability, the company noted, so turning it off is not a mitigation.
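As an added example (not code from Siemens, Palo Alto Networks or this article), the script below applies the exposure rule the article describes to a PAN-OS firewall inventory: a device is exposed only if it runs an unpatched build and has the GlobalProtect portal or gateway enabled, and the device-telemetry setting is deliberately ignored because PAN withdrew it as a mitigation. The version parser handles PAN-OS hotfix suffixes so that 11.1.2-h2 sorts before 11.1.2-h3. The FIXED_BY_TRAIN table, the Firewall record layout and the sample inventory are assumptions for illustration: verify the first-fixed builds against PAN's current advisory before relying on them.

```python
"""Inventory triage for CVE-2024-3400 exposure (added example, not vendor code).

Rule from the article: an unpatched PAN-OS firewall is reachable for this bug
when the GlobalProtect portal or gateway is enabled; device telemetry is
irrelevant. Everything else here (version table, record layout, sample data)
is an assumption made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# PAN-OS builds look like "10.2.9" or "10.2.9-h1" (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")

# Release train -> first build carrying the fix. Assumption: these are the
# first-fixed builds as published in the vendor advisory in April 2024;
# verify against the current advisory before relying on them.
FIXED_BY_TRAIN: Dict[Tuple[int, int], str] = {
    (10, 2): "10.2.9-h1",
    (11, 0): "11.0.4-h1",
    (11, 1): "11.1.2-h3",
}


def parse_panos_version(text: str) -> Tuple[int, int, int, int]:
    """'10.2.9-h1' -> (10, 2, 9, 1); a base release gets hotfix 0 so that
    10.2.9 < 10.2.9-h1 < 10.2.10 under plain tuple comparison."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def patch_status(version: str) -> Optional[str]:
    """'patched' or 'unpatched' for a train in FIXED_BY_TRAIN, None otherwise."""
    v = parse_panos_version(version)
    fixed = FIXED_BY_TRAIN.get(v[:2])
    if fixed is None:
        return None
    return "patched" if v >= parse_panos_version(fixed) else "unpatched"


@dataclass(frozen=True)
class Firewall:
    name: str
    version: str
    gp_portal: bool
    gp_gateway: bool
    telemetry: bool  # recorded for completeness; does not affect the verdict


def triage(fw: Firewall) -> str:
    """Classify one firewall.

    'unknown-train' means the release train is not in the table, so the
    operator must check the advisory rather than assume the device is safe.
    """
    status = patch_status(fw.version)
    if status is None:
        return "unknown-train"
    if status == "patched":
        return "patched"
    # Unpatched: exposure depends only on GlobalProtect, never on telemetry.
    return "exposed" if (fw.gp_portal or fw.gp_gateway) else "not-exposed"


def triage_inventory(inventory: List[Firewall]) -> Dict[str, str]:
    return {fw.name: triage(fw) for fw in inventory}


# Constructed sample inventory (hypothetical devices, not real ones).
SAMPLE_INVENTORY = [
    Firewall("ape1808-north", "11.1.2-h2", gp_portal=True, gp_gateway=False, telemetry=False),
    Firewall("ape1808-south", "11.1.2-h3", gp_portal=True, gp_gateway=True, telemetry=True),
    Firewall("ape1808-lab", "10.2.9", gp_portal=False, gp_gateway=False, telemetry=True),
    Firewall("dc-edge", "11.0.3", gp_portal=False, gp_gateway=True, telemetry=False),
    Firewall("legacy-vm", "10.1.11", gp_portal=True, gp_gateway=False, telemetry=False),
]

if __name__ == "__main__":
    for name, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:15} {verdict}")
```

The "not-exposed" verdict is the article's point about the APE1808 defaults: with both GlobalProtect features off, an unpatched build is not reachable through this bug, whereas telemetry on or off changes nothing. Anything reported as "unknown-train" should be checked against the advisory by hand rather than treated as safe.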
Siemens urged customers, as a general rule, to protect network access to devices in industrial control environments with appropriate mechanisms: "In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens operational guidelines for Industrial Security."
The Shadowserver Foundation, which monitors the Internet for threat-related traffic, identified some 5,850 vulnerable instances of PAN's NGFW exposed and accessible over the Internet as of April 22. Some 2,360 of the vulnerable instances appear to be located in North America; Asia accounted for the next highest number, with around 1,800 exposed instances.
It's unclear how many of those exposed instances are in industrial control system (ICS) and operational technology (OT) settings. But generally, Internet exposure continues to be a major issue in ICS and OT environments. A new investigation by Forescout uncovered nearly 110,000 Internet-facing ICS and OT systems worldwide. The US led the way, accounting for 27% of the exposed instances, although that share was significantly lower than a few years ago. In contrast, Forescout found a sharp increase in the number of Internet-exposed ICS/OT equipment in other countries, including Spain, Italy, France, Germany, and Russia.
"Opportunistic attackers are increasingly abusing this exposure at scale — sometimes with a very lax targeting rationale driven by trends, such as current events, copycat behavior, or the emergencies found in new, off-the-shelf capabilities or hacking guides," Forescout said. The security vendor assessed that the exposure had to do at least in part with systems integrators delivering packaged bundles with components in them that inadvertently expose ICS and OT systems to the Internet. "In all likeliness," Forescout said, "most asset owners are unaware these packaged units contain exposed OT devices."
