Siemens RUGGEDCOM APE1808

Monitor7ICS-CERT ICSA-23-047-08Feb 14, 2023

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

Insyde BIOS vulnerabilities affecting Siemens RUGGEDCOM APE1808 product family related to race conditions (CWE-367). All APE1808 models with BIOS version prior to 1.0.212N are affected. These are local privilege escalation vulnerabilities requiring valid credentials and physical/console access. The vulnerabilities are not remotely exploitable and have high attack complexity. Siemens has not yet released a vendor patch.

What this means

What could happen

An attacker with local access and valid credentials could exploit BIOS-level vulnerabilities to gain elevated privileges on RUGGEDCOM APE1808 devices, potentially allowing modification of device behavior or bypass of security controls.

Who's at risk

Water utilities and municipal electric operators running Siemens RUGGEDCOM APE1808 series industrial networking devices should review this advisory. The APE1808 family includes models with various configurations (W10, ADM, CKP, CLOUDCONNECT, ELAN, SAM-L, CLA variants, LNX) used for secure communication in OT environments. Any organization using these devices for critical infrastructure operations should assess their exposure.

How it could be exploited

An attacker must first gain local access to the device and possess valid user credentials. Once authenticated, they can exploit BIOS-level race conditions (CWE-367) to escalate privileges and execute code with BIOS-level authority, potentially modifying device firmware or security settings.

Prerequisites

Local physical or console access to the device
Valid user credentials on the RUGGEDCOM APE1808
Ability to interact with BIOS during boot sequence

No patch availableAffects industrial networking devicesLow complexity attack if prerequisites metBIOS/firmware-level vulnerabilityAll variants up to BIOS v1.0.212N affected

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (22)

22 EOL

ProductAffected VersionsFix Status

RUGGEDCOM APE1808W10 CC<BIOS V1.0.212NNo fix (EOL)

RUGGEDCOM APE1808 ADM<BIOS V1.0.212NNo fix (EOL)

RUGGEDCOM APE1808 CKP<BIOS V1.0.212NNo fix (EOL)

RUGGEDCOM APE1808 CLOUDCONNECT<BIOS V1.0.212NNo fix (EOL)

RUGGEDCOM APE1808 ELAN<BIOS V1.0.212NNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGSegment the network to restrict physical and console access to RUGGEDCOM APE1808 devices to authorized personnel only

HARDENINGImplement firewall rules and access controls to prevent unauthorized access to management interfaces of RUGGEDCOM APE1808 devices

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor Siemens security advisories (SSA-450613) for availability of a vendor patch when it becomes available

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: RUGGEDCOM APE1808W10 CC, RUGGEDCOM APE1808 ADM, RUGGEDCOM APE1808 CKP, RUGGEDCOM APE1808 CLOUDCONNECT, RUGGEDCOM APE1808 ELAN, RUGGEDCOM APE1808 ELAN CC, RUGGEDCOM APE1808 SAM-L, RUGGEDCOM APE1808 SAM-L CC, RUGGEDCOM APE1808CLA-P, RUGGEDCOM APE1808CLA-P CC, RUGGEDCOM APE1808CLA-S1, RUGGEDCOM APE1808CLA-S3, RUGGEDCOM APE1808CLA-S5, RUGGEDCOM APE1808LNX, RUGGEDCOM APE1808LNX CC, RUGGEDCOM APE1808W10, RUGGEDCOM APE1808 ADM CC, RUGGEDCOM APE1808 CKP CC, RUGGEDCOM APE1808 CLOUDCONNECT CC, RUGGEDCOM APE1808CLA-S1 CC, RUGGEDCOM APE1808CLA-S3 CC, RUGGEDCOM APE1808CLA-S5 CC. Apply the following compensating controls:

HARDENINGReview and enforce strong password policies and multi-factor authentication for any accounts with access to device management interfaces

CVEs (6)

CVE-2022-30774 CVE-2022-31243 CVE-2022-33906 CVE-2022-33908 CVE-2022-33982 CVE-2022-33984

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ca1d98e8-0b96-48b6-891c-fde22ba5f7bb