OTPulse

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

Act Now · CVSS 9.8 · ICS-CERT ICSA-24-074-11 · Mar 12, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Fortinet FortiOS contains multiple critical vulnerabilities affecting Fortigate NGFW devices. CVE-2023-25610 allows unauthenticated access to the administrative interface; CVE-2023-27997 affects SSL-VPN functionality; CVE-2023-33308 affects HTTP/2 handling in SSL inspection. These vulnerabilities allow remote attackers to bypass authentication, intercept encrypted traffic, or execute arbitrary code. RUGGEDCOM APE1808 devices protected by affected Fortigate firewalls may be exposed if the firewall is compromised. Siemens has issued firmware updates for Fortigate NGFW to version 7.4.1. No patch is currently available for RUGGEDCOM APE1808 itself, but Siemens is preparing additional fixes and recommends implementing network segmentation and administrative access controls.

What this means
What could happen
An attacker on the network could exploit multiple vulnerabilities in Fortigate NGFW devices to bypass authentication, intercept encrypted traffic, or run arbitrary code, potentially allowing them to alter firewall rules, inspect sensitive communications, or disrupt network protection for connected industrial devices like the RUGGEDCOM APE1808.
Who's at risk
Manufacturing facilities and utilities that rely on Siemens RUGGEDCOM APE1808 edge devices protected by Fortigate NGFW firewalls. This includes water treatment plants, power distribution facilities, and other critical infrastructure using ruggedized edge computing. The vulnerabilities primarily affect the Fortigate firewall that sits between your industrial network and external connections.
How it could be exploited
An attacker without credentials could access the HTTP/HTTPS administrative interface of a Fortigate NGFW (CVE-2023-25610), or exploit SSL-VPN vulnerabilities (CVE-2023-27997) or HTTP/2 inspection flaws (CVE-2023-33308) to gain remote access. Once inside, they could modify firewall rules or policies that protect your RUGGEDCOM APE1808 and other industrial devices, or intercept encrypted traffic to and from those devices.
Prerequisites
  • Network access to the Fortigate NGFW administrative interface (ports 80, 443, or SSL-VPN port)
  • No authentication required for some vectors (CVE-2023-25610)
  • NGFW must have HTTP/HTTPS admin interface enabled or SSL-VPN enabled
  • HTTP/2 support enabled on SSL inspection profiles
  • actively exploited (KEV)
  • remotely exploitable
  • no authentication required (CVE-2023-25610)
  • low complexity attack
  • high CVSS score (9.8 critical)
  • high EPSS score (16.0%)
  • affects network perimeter protection for industrial devices
  • multiple attack vectors (authentication bypass, SSL-VPN, HTTP/2 inspection)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HOTFIX: Update Fortigate NGFW firmware to version 7.4.1 or later
  • WORKAROUND: Disable HTTP/HTTPS administrative interface on the Fortigate NGFW if remote management is not required
  • HARDENING: Restrict administrative interface access to specific trusted IP addresses only
  • WORKAROUND: Disable SSL-VPN if not in use
  • WORKAROUND: Disable HTTP/2 support on SSL inspection profiles used by proxy and firewall policies
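
An added example, not OTPulse's or Siemens' code: a Python check that reads a FortiOS configuration backup and reports where the workarounds listed above (admin interface exposure, trusted hosts, SSL-VPN, HTTP/2 on SSL inspection profiles) are not in place. The sample config is constructed, `parse` and `audit` are hypothetical names, and the setting names (`allowaccess`, `trusthostN`, `status`, `supported-alpn`) and a single-VDOM layout are assumptions about the FortiOS CLI.

```python
SAMPLE = """
config system interface
    edit "wan1"
        set allowaccess ping https http
    next
end
config system admin
    edit "operator"
    next
end
config vpn ssl settings
    set status enable
end
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
end
"""  # constructed excerpt, not from a real device; setting names are assumed

def parse(text):
    """Map (config path, edit entry) -> {setting: [values]}."""
    out, stack = {}, []  # stack of [section, current edit entry]
    for line in text.splitlines():
        cmd, *args = line.replace('"', "").split() or [""]
        if cmd == "config":
            stack.append([" ".join(args), None])
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd in ("edit", "next") and stack:
            stack[-1][1] = " ".join(args) or None
        if cmd in ("edit", "set") and stack and args:
            key = ("/".join(s for s, _ in stack), stack[-1][1])
            out.setdefault(key, {}).update({args[0]: args[1:]} if cmd == "set" else {})
    return out

def audit(text):  # one finding per workaround that is not in place
    findings = []  # conservative: a setting left at its default is reported
    for (sec, name), s in parse(text).items():
        web = sorted({"http", "https"} & set(s.get("allowaccess", [])))
        if sec == "system interface" and web:
            findings.append(f"interface {name}: admin access via {'/'.join(web)}")
        elif sec == "system admin" and not any(k.startswith("trusthost") for k in s):
            findings.append(f"admin {name}: no trusted hosts")
        elif sec == "vpn ssl settings" and s.get("status") != ["disable"]:
            findings.append("ssl-vpn: not explicitly disabled")
        elif sec == "firewall ssl-ssh-profile" and s.get("supported-alpn") not in (["http1-1"], ["none"]):
            findings.append(f"ssl-ssh-profile {name}: HTTP/2 not disabled")
    return findings
```

Call `audit()` on the text of a configuration backup; an empty list means none of the four checks fired, not that the firmware is patched.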
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Place RUGGEDCOM APE1808 and other industrial devices on a network segment isolated from the internet with no direct external access
  • HARDENING: Implement network segmentation between industrial control systems and business networks
  • HARDENING: Use VPN with multi-factor authentication for any required remote access to the RUGGEDCOM or Fortigate devices