Siemens RUGGEDCOM APE1808
Act Now | 9.8 | ICS-CERT ICSA-24-074-05 | Mar 12, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens RUGGEDCOM APE1808 industrial edge router contains multiple critical vulnerabilities in its SSL VPN and FGFM (FortiGate Fabric Management) features. The vulnerabilities stem from FortiOS code and allow unauthenticated remote attackers to execute arbitrary code, bypass authentication, or gain administrative access. All versions of the APE1808 are affected. Siemens has released patches; contact customer support for availability. Interim mitigations include disabling SSL VPN and removing FGFM access from all interfaces.
What this means
What could happen
An attacker can gain complete control of the RUGGEDCOM APE1808 industrial edge router remotely without authentication, potentially allowing them to intercept, modify, or block communications in critical infrastructure networks including manufacturing, utilities, and water systems.
Who's at risk
This impacts any organization using Siemens RUGGEDCOM APE1808 industrial edge routers in manufacturing, utilities (electric and water), and other critical infrastructure. The device is commonly deployed at the edge of ICS/SCADA networks to provide secure remote access and network management, making it a critical chokepoint for operations.
How it could be exploited
An attacker on the network (or internet if the device is exposed) can send requests to the SSL VPN service or FGFM management interface on the APE1808 without credentials. The vulnerabilities allow remote code execution or administrative access, enabling the attacker to reconfigure network routing, capture traffic, or disrupt industrial operations.
Prerequisites
- Network connectivity to the APE1808 device (can be remote if internet-facing)
- SSL VPN or FGFM interface enabled and accessible
- No authentication required
- Remotely exploitable
- No authentication required
- Low complexity attack
- Actively exploited (KEV)
- EPSS 94.5% (extremely high exploit probability)
- Affects critical industrial operations
- Multiple severe CWEs including RCE, authentication bypass, and memory corruption
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | Fix available
Remediation & Mitigation
Do now
- WORKAROUND: Disable SSL VPN feature on RUGGEDCOM APE1808
- WORKAROUND: Remove FGFM (FortiGate Fabric Management) access from all interfaces on RUGGEDCOM APE1808
- HOTFIX: Contact Siemens customer support to obtain and deploy the latest firmware patch for RUGGEDCOM APE1808
- HARDENING: Restrict network access to APE1808 management interfaces using firewall rules; do not expose to the internet
Long-term hardening
- HARDENING: Implement network segmentation to isolate industrial edge devices from business networks and the internet
CVEs (30)
CVE-2022-23439, CVE-2022-45862, CVE-2023-36640, CVE-2023-38545, CVE-2023-38546, CVE-2023-40721, CVE-2023-41677, CVE-2023-42785, CVE-2023-42786, CVE-2023-42789, CVE-2023-42790, CVE-2023-44247, CVE-2023-44250, CVE-2023-44487, CVE-2023-45583, CVE-2023-45586, CVE-2023-46714, CVE-2023-46715, CVE-2023-46717, CVE-2023-46718, CVE-2023-47537, CVE-2023-48784, CVE-2024-23110, CVE-2024-23112, CVE-2024-23113, CVE-2024-23662, CVE-2024-26007, CVE-2024-26011, CVE-2024-40593, CVE-2025-54822