A significant security problem has come up in Siemens’ InterMesh wireless alarm system. This system plays a key role in critical infrastructure. It has serious vulnerable spots that could let attackers take over systems from afar with total control. The worst flaw, given the highest danger rating, leaves systems open to attack. This puts key infrastructure at great risk. Siemens is advising users to update their systems right away to avoid possible disasters.
The most severe of these, CVE-2024-47901, carries a CVSSv4 score of 10.0, indicating maximum criticality. The issue stems from improper handling of input on the system’s web server, which fails to sanitize incoming requests properly. Imagine a door that is locked but has no peephole. This door lets anyone in without checking who they are, giving them full access to what is inside. In the same way, this security flaw allows cybercriminals to run commands on the operating system as if they had complete control.
This serious vulnerability, along with three other security issues (CVE-2024-47902, CVE-2024-47903, CVE-2024-47904), make the system more open to attacks. For instance, CVE-2024-47902 allows attackers to remotely send simple OS commands like “ping” without proper authentication, while CVE-2024-47903 enables unauthorized file uploads to the server directory, and CVE-2024-47904 allows attackers to use specific system binaries with elevated privileges.
Affected systems include InterMesh 7177 Hybrid 2.0 Subscribers (versions before V8.2.12) and InterMesh 7707 Fire Subscribers (versions before V7.2.12 with IP interfaces enabled). Siemens has urged users to update these systems to the latest versions immediately—V8.2.12 for Hybrid and V7.2.12 for Fire, or to disable the IP interface to reduce risk.
Siemens emphasizes how crucial it is to install these updates quickly. Systems without patches are at risk of being taken over. This warning shows why it is so important to act fast to protect vital infrastructure from possible attacks.
