CVE-2024-23814
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to cause a temporary denial of service in the ICMP service of affected Siemens devices by sending specially crafted IP fragment messages that exhaust memory resources. Only the ICMP service is affected, and devices resume normal operation after the attack stops. Siemens industrial control systems and network devices are primarily affected.
💻 Affected Systems
- Siemens SCALANCE XB-200, XC-200, XF-200, XM-400, XP-200, XR-300WG, XR-500 series switches
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete temporary disruption of ICMP services on affected devices, potentially affecting network monitoring and diagnostic tools that rely on ICMP.
Likely Case
Temporary ICMP service disruption causing ping failures and potential monitoring system alerts, with automatic recovery after attack cessation.
If Mitigated
Minimal impact with proper network segmentation and ICMP filtering in place.
🎯 Exploit Status
Exploitation requires sending specially crafted IP fragments to trigger memory exhaustion in ICMP service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by product - see Siemens advisories for specific fixed versions
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-725549.html
Restart Required: Yes
Instructions:
1. Review Siemens advisories SSA-725549 and SSA-769027.
2. Identify affected product models and versions.
3. Download and apply firmware updates from Siemens support portal.
4. Reboot affected devices after patching.
🔧 Temporary Workarounds
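Block ICMP fragmentation at network perimeter
Platform: linux
Configure firewalls to block ICMP fragments from untrusted networks
# Example iptables rule for a firewall that routes traffic to the devices
# (FORWARD chain; INPUT only filters traffic addressed to the firewall host itself).
# --fragment matches second and later fragments only, and never matches when
# connection tracking has already reassembled the packet.
iptables -A FORWARD -p icmp --fragment -j DROP
Disable ICMP service if not required
Platform: all
Turn off ICMP service on affected devices if not needed for operations
# Consult Siemens device documentation for ICMP disable commands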
🧯 If You Can't Patch
- Implement network segmentation to isolate affected devices from untrusted networks
- Deploy intrusion prevention systems to detect and block ICMP fragmentation attacks
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against Siemens advisory lists. Use network scanners to test ICMP fragment handling.
Check Version:
# Siemens devices: show version or display version in web interface/CLI
Verify Fix Applied:
Verify firmware version matches patched versions in Siemens advisories. Test with controlled ICMP fragment traffic.
📡 Detection & Monitoring
Log Indicators:
- High ICMP error rates
- Memory exhaustion alerts
- ICMP service restart logs
Network Indicators:
- Unusual ICMP fragment traffic patterns
- ICMP timeouts from affected devices
SIEM Query:
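# Written here in Splunk SPL (an assumption); adapt the source and search terms to your SIEM
source="network_device" (icmp_fragment OR icmp_error) | bin _time span=1h | stats count by _time | where count > 1000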
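The "Unusual ICMP fragment traffic patterns" indicator and the 1000-per-hour threshold from the SIEM query, turned into a check over captured IPv4 headers. This is an added example, not code from Siemens or from the original page; the function names, the (timestamp, header) input shape and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

THRESHOLD = 1000  # events per hour, the figure used in the page's SIEM query
ICMP = 1          # IPv4 protocol number for ICMP

def parse_ipv4(header: bytes):
    """Return (proto, dst, more_fragments, frag_offset), or None if not IPv4."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None
    (flags_off,) = struct.unpack_from("!H", header, 6)
    return (header[9], str(IPv4Address(header[16:20])),
            bool(flags_off & 0x2000), flags_off & 0x1FFF)

def is_icmp_fragment(header: bytes) -> bool:
    """A fragment has MF set (first or middle piece) or a non-zero offset."""
    parsed = parse_ipv4(header)
    return parsed is not None and parsed[0] == ICMP and (parsed[2] or parsed[3] > 0)

def flooded_targets(packets, threshold=THRESHOLD):
    """packets: iterable of (unix_ts, ipv4_header_bytes).
    Returns {(hour_start, dst): count} for hourly buckets above the threshold."""
    counts = Counter()
    for ts, header in packets:
        if is_icmp_fragment(header):
            hour = int(ts) // 3600 * 3600
            counts[(hour, parse_ipv4(header)[1])] += 1
    return {key: n for key, n in counts.items() if n > threshold}

def make_header(src, dst, proto=ICMP, mf=False, offset=0):
    """Constructed 20-byte IPv4 header (checksum left at 0), sample data only."""
    flags_off = (0x2000 if mf else 0) | (offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, flags_off, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)

if __name__ == "__main__":
    hour = 1_700_000_000 // 3600 * 3600
    # Constructed capture: 1200 ICMP fragments to one switch, 50 ordinary pings.
    sample = [(hour + i, make_header("198.51.100.7", "192.0.2.10", mf=True))
              for i in range(1200)]
    sample += [(hour + i, make_header("198.51.100.9", "192.0.2.11"))
               for i in range(50)]
    for (start, dst), n in flooded_targets(sample).items():
        print(f"ALERT {dst}: {n} ICMP fragments in hour starting {start}")
```

Counting per destination rather than per source keeps the alert meaningful when the fragments arrive from many or spoofed source addresses.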