Siemens InterMesh Subscriber Devices

Plan PatchCVSS 10ICS-CERT ICSA-24-303-01Oct 23, 2024

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Siemens InterMesh Subscriber devices (7177 Hybrid 2.0 and 7707 Fire) contain multiple vulnerabilities (CWE-78 OS command injection, CWE-306 missing authentication, CWE-250 and CWE-266 privilege escalation) that allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the device. Affected versions: InterMesh 7177 Hybrid 2.0 below V8.2.12; InterMesh 7707 Fire below V7.2.12. Siemens has released patched versions and recommends immediate updating.

What this means

What could happen

An unauthenticated attacker on the network could execute arbitrary code with root-level privileges on InterMesh Subscriber devices, potentially gaining full control over the mesh network infrastructure, disrupting communications between substations or industrial facilities, or modifying critical control parameters.

Who's at risk

Electric utilities and water authorities that use Siemens InterMesh Subscriber devices (7177 Hybrid 2.0 or 7707 Fire models) for mesh networking between substations, remote terminals, or control points. InterMesh is used for resilient, self-healing network connectivity in critical infrastructure, so compromise directly affects network availability and control system reliability.

How it could be exploited

An attacker with network access to the InterMesh Subscriber device can send a malicious request (likely via an exposed service port) that exploits the lack of authentication or input validation. The device would execute the attacker's command with root privileges, giving full system control. No user interaction is required.

Prerequisites

Network access to the InterMesh Subscriber device
Device must be exposed to a network accessible to the attacker (not firewalled off)

remotely exploitableno authentication requiredlow complexitycritical severity (CVSS 10)affects core network infrastructure

Exploitability

Some exploitation risk — EPSS score 2.9%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

InterMesh 7177 Hybrid 2.0 Subscriber<V8.2.128.2.12

InterMesh 7707 Fire Subscriber<V7.2.127.2.12

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to InterMesh devices to only trusted systems and personnel; implement firewall rules to block unauthorized inbound connections

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

InterMesh 7177 Hybrid 2.0 Subscriber

HOTFIXUpdate InterMesh 7177 Hybrid 2.0 Subscriber to firmware version 8.2.12 or later

InterMesh 7707 Fire Subscriber

HOTFIXUpdate InterMesh 7707 Fire Subscriber to firmware version 7.2.12 or later

Long-term hardening

0/1

HARDENINGIsolate InterMesh Subscriber devices behind a firewall and on a separate network segment from the business network

CVEs (4)

CVE-2024-47901 CVE-2024-47902 CVE-2024-47903 CVE-2024-47904

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d6e2ff30-da3f-4973-9578-6d9eabc28221

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.