Multiple Vulnerabilities in InterMesh Subscriber Devices

Act Now10SSA-333468Oct 23, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

InterMesh Subscriber devices (7177 Hybrid 2.0 and 7707 Fire models) contain multiple vulnerabilities that allow unauthenticated remote code execution with root privileges. The issues stem from missing authentication checks (CWE-306), insufficient privilege separation (CWE-250, CWE-266), and command injection (CWE-78). An attacker with network access can execute arbitrary commands, gaining complete control of the affected device.

What this means

What could happen

An unauthenticated attacker on the network can run arbitrary code with root privileges on affected InterMesh Subscriber devices, enabling complete control over fire suppression or building automation systems and potentially disrupting critical safety operations.

Who's at risk

Organizations operating Siemens InterMesh fire suppression control systems and building automation networks should prioritize this update. The 7177 Hybrid 2.0 and 7707 Fire Subscriber devices are commonly used in commercial buildings, data centers, and industrial facilities for fire detection and suppression coordination.

How it could be exploited

An attacker with network access to the device exploits the authentication and privilege escalation vulnerabilities (CWE-306, CWE-250, CWE-266) combined with command injection (CWE-78) to execute arbitrary commands as root. No credentials or user interaction required.

Prerequisites

Network access to the InterMesh Subscriber device
Device running vulnerable firmware version (7177 Hybrid 2.0 < V8.2.12 or 7707 Fire < V7.2.12)

Remotely exploitableNo authentication requiredLow complexity attackHigh CVSS score (10.0)Affects safety systems (fire suppression)Complete system compromise possible

Exploitability

Moderate exploit probability (EPSS 2.9%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

InterMesh 7177 Hybrid 2.0 Subscriber< V8.2.128.2.12

InterMesh 7707 Fire Subscriber< V7.2.127.2.12

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict network access to InterMesh Subscriber devices using firewall rules; allow only authorized management workstations and control systems

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

InterMesh 7177 Hybrid 2.0 Subscriber

HOTFIXUpdate InterMesh 7177 Hybrid 2.0 Subscriber to firmware version 8.2.12 or later

InterMesh 7707 Fire Subscriber

HOTFIXUpdate InterMesh 7707 Fire Subscriber to firmware version 7.2.12 or later

All products

HOTFIXVerify device network connectivity and apply updates during planned maintenance windows to minimize operational impact

CVEs (4)

CVE-2024-47901 CVE-2024-47902 CVE-2024-47903 CVE-2024-47904

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/912ecb4f-4f48-4964-9edf-166d4bd67283