OTPulse

Siemens RUGGEDCOM APE1808

Act Now | 8.8 | ICS-CERT ICSA-24-102-03 | Apr 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

Siemens RUGGEDCOM APE1808 contains multiple vulnerabilities related to Palo Alto Networks PAN-OS, including authentication bypass, information disclosure, command injection, cross-site scripting, and insecure deserialization. The advisory references CWE-406 (authentication bypass), CWE-497 (exposure of sensitive data), CWE-73 (external control of file name), CWE-79 (cross-site scripting), CWE-522 (insufficiently protected credentials), CWE-610 (insecure deserialization), CWE-434 (unrestricted upload of file with dangerous type), and CWE-918 (server-side request forgery). All versions of RUGGEDCOM APE1808 are affected with no fix currently available, though Siemens is preparing updates. Customers should upgrade the Palo Alto Networks Virtual NGFW component to V11.0.1 and implement network isolation and access controls.

What this means
What could happen
An attacker could gain remote access to the RUGGEDCOM APE1808 firewall and execute arbitrary code, potentially disrupting network communications, modifying security policies, or blocking traffic to critical industrial equipment.
Who's at risk
This affects manufacturing operations that use Siemens RUGGEDCOM APE1808 industrial firewalls to protect network infrastructure, including those using the Palo Alto Networks Virtual NGFW component. Any facility relying on this firewall for network segmentation and protection of control systems is at risk.
How it could be exploited
An attacker sends a malicious request over the network to the RUGGEDCOM APE1808 (no authentication required, user interaction needed). The firewall processes the request, triggering remote code execution on the device, allowing the attacker to run commands as the firewall.
Prerequisites
  • Network access to RUGGEDCOM APE1808 management interface or traffic processing ports
  • User interaction may be required (clicking a link or opening content)
  • Device running vulnerable firmware version
remotely exploitable | no authentication required | low complexity | actively exploited (KEV) | high CVSS (8.8) | no patch available for all versions
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HOTFIX: Upgrade Palo Alto Networks Virtual NGFW to V11.0.1 or later
  • WORKAROUND: If upgrade is not immediately feasible, isolate the RUGGEDCOM APE1808 from direct internet access using firewall rules and network segmentation
  • WORKAROUND: Restrict network access to the device to only authorized administrative workstations and systems
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Disable unused management interfaces and protocols on the device
  • HARDENING: Deploy intrusion detection on traffic to and from the RUGGEDCOM APE1808 to monitor for exploitation attempts
Mitigations - no patch available
RUGGEDCOM APE1808 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate the firewall from external networks and untrusted sources