Connect with us

Hi, what are you looking for?



Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability

Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.

Siemens cybersecurity

The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens’ industrial products.

In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400.

Siemens is preparing updates for the affected product and in the meantime has provided workarounds and mitigations. 

The Ruggedcom APE1808 industrial application hosting platform enables organizations to deploy commercially available applications for edge computing and cybersecurity in harsh industrial environments. 

CVE-2024-3400 is known to have been exploited in the wild — including as a zero-day before Palo Alto Networks released any patches or mitigations — but Siemens does not mention anything about attacks specifically targeting its product.

Siemens’ APE1808 integrates security solutions from several vendors, including Palo Alto Networks, Fortinet and Nozomi Networks, and the industrial giant recently started publishing advisories to inform customers about vulnerabilities in these security solutions.

The Shadowserver Foundation has been tracking the number of Palo Alto Networks firewalls vulnerable to attacks exploiting CVE-2024-3400 and its most recent count showed roughly 6,000 internet-exposed devices

Exploitation of the vulnerability, which allows an unauthenticated attacker to execute arbitrary commands with elevated privileges on the compromised firewall, surged last week after proof-of-concept (PoC) code was made public.

Advertisement. Scroll to continue reading.

The group that was first spotted exploiting the zero-day is believed to be a state-sponsored threat actor, but it’s unclear which country they are associated with. One company suggested a link to North Korea’s Lazarus, but this claim has yet to be corroborated. 

Cybersecurity firm Volexity is aware of attacks launched as early as March 26, with the attackers using hacked firewalls to move into internal networks and exfiltrate data. In some cases, the attackers also deployed a backdoor

Related: CrushFTP Patches Exploited Zero-Day Vulnerability

Related: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos' permanent CEO, and Jim Dildine has been named the company's CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

More People On The Move

Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.