Siemens InterMesh Subscriber Devices

Act Now10ICS-CERT ICSA-24-303-01Oct 23, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

InterMesh Subscriber devices contain multiple vulnerabilities (CWE-78 OS command injection, CWE-306 missing authentication, CWE-250 improper privilege management, CWE-266 incorrect privilege assignment) that allow unauthenticated remote attackers to execute arbitrary code with root privileges. Affected models are InterMesh 7177 Hybrid 2.0 (below version 8.2.12) and InterMesh 7707 Fire Subscriber (below version 7.2.12). Siemens has released patched versions. No public exploitation reported as of the advisory date.

What this means

What could happen

An unauthenticated attacker could execute arbitrary commands with root privileges on InterMesh Subscriber devices, potentially disrupting fire safety coordination or hybrid network operations in critical infrastructure.

Who's at risk

Fire safety and hybrid network operators using Siemens InterMesh Subscriber devices (models 7177 Hybrid 2.0 and 7707 Fire) in municipal and industrial environments. This impacts facilities that depend on these devices for coordinating fire safety signals or network meshing in critical infrastructure like water authorities, electric utilities, and industrial plants.

How it could be exploited

An attacker with network access to an InterMesh Subscriber device could send a specially crafted request to a vulnerable service to execute arbitrary code. No authentication or user interaction is required; the attacker gains immediate root-level control once the exploit succeeds.

Prerequisites

Network access to the InterMesh Subscriber device (port/service not specified; assume typical Siemens ICS default ports like 502, 161, or web interface ports)
Vulnerable software version running (7177 Hybrid below 8.2.12 or 7707 Fire below 7.2.12)

remotely exploitableno authentication requiredlow complexitycritical severity (CVSS 10.0)affects safety systems (fire coordination)affects network control functions

Exploitability

Moderate exploit probability (EPSS 2.9%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

InterMesh 7177 Hybrid 2.0 Subscriber<V8.2.128.2.12

InterMesh 7707 Fire Subscriber<V7.2.127.2.12

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to InterMesh devices to trusted systems and personnel only; implement firewall rules to deny inbound connections from untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

InterMesh 7177 Hybrid 2.0 Subscriber

HOTFIXUpdate InterMesh 7177 Hybrid 2.0 Subscriber to firmware version 8.2.12 or later

InterMesh 7707 Fire Subscriber

HOTFIXUpdate InterMesh 7707 Fire Subscriber to firmware version 7.2.12 or later

Long-term hardening

0/2

HARDENINGIsolate InterMesh Subscriber devices from business networks and the internet; place them behind firewalls on a dedicated control system network segment

HARDENINGIf remote access to InterMesh devices is required, use a VPN with up-to-date security patches and restrict VPN access to authorized personnel only

CVEs (4)

CVE-2024-47901 CVE-2024-47902 CVE-2024-47903 CVE-2024-47904

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d6e2ff30-da3f-4973-9578-6d9eabc28221