OTPulse

Siemens RUGGEDCOM APE1808

Priority: Act Now
Severity: 9.8
Source: ICS-CERT ICSA-24-102-04
Date: Apr 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM APE1808 contains multiple critical vulnerabilities in the embedded Palo Alto Networks Virtual NGFW, including memory buffer overflows (CWE-787), integer overflows (CWE-190), improper input validation (CWE-20), and weak SSH cipher configuration (CVE-2023-48795). These flaws allow unauthenticated remote attackers to execute arbitrary code, bypass authentication, escalate privileges, or inject malicious content. The vulnerabilities span 19 different weakness classes including use-after-free (CWE-416), weak access controls (CWE-269, CWE-282), insufficient encryption (CWE-326, CWE-312), and missing null pointer checks (CWE-476). All versions of RUGGEDCOM APE1808 are affected.

What this means
What could happen
An attacker with network access to a RUGGEDCOM APE1808 can execute remote code, bypass authentication, or gain unauthorized access to the firewall appliance without credentials, potentially allowing them to intercept or manipulate industrial network traffic and alter or disable critical plant operations.
Who's at risk
Water authorities and electric utilities operating Siemens RUGGEDCOM APE1808 appliances (industrial-grade firewalls and edge protection devices) for perimeter security, remote plant access, or network segmentation. Any facility relying on these devices for network traffic filtering and access control to PLCs, SCADA systems, or field devices.
How it could be exploited
An attacker on the network can send specially crafted packets to the APE1808's management interface (typically port 443 for web/API or port 22 for SSH) or exploit vulnerabilities in the embedded Palo Alto Networks Virtual NGFW. For CVE-2023-48795, weak SSH cipher configurations allow connection interception. For the other weakness classes (CWE-787, CWE-20, CWE-269), memory corruption or privilege escalation flaws could be triggered to gain shell access and run arbitrary commands on the appliance.
Prerequisites
  • Network reachability to the RUGGEDCOM APE1808 management interface or data plane ports
  • For CVE-2023-48795: SSH access enabled with weak cipher/MAC configurations
  • No special credentials required for most vulnerabilities (CWE-20, CWE-269, CWE-787 indicate unauthenticated flaws)
Risk highlights
  • Remotely exploitable without authentication
  • Low complexity exploitation
  • High EPSS score (88.5%)
  • No patch available for CVE-2023-48795
  • Multiple critical memory corruption and privilege escalation flaws (CWE-787, CWE-190, CWE-416)
  • Affects network security infrastructure protecting safety systems
Exploitability
High exploit probability (EPSS 88.5%)
Affected products (1)
Product            | Affected Versions | Fix Status
RUGGEDCOM APE1808  | All versions      | No fix yet
Remediation & Mitigation
Do now
HOTFIX: Contact Siemens customer support to receive patch and update information for CVE-2023-6789, CVE-2023-6793, CVE-2023-38802, and CVE-2024-0008
WORKAROUND: For CVE-2023-48795, configure the in-use SSH profile to require at least one cipher and one MAC algorithm, removing support for CHACHA20-POLY1305 and all Encrypt-then-MAC (EtM) algorithms
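To verify that the workaround above has actually taken effect on an appliance, a defender can read the algorithm offer the SSH server advertises in its KEXINIT message and check it against the same two criteria (ChaCha20-Poly1305 offered, or any Encrypt-then-MAC MAC offered). The following audit script is an added example, not code from the advisory, Siemens or Palo Alto Networks; the sample offers, the helper names and the optional live-probe function are constructed for illustration. It also treats a server that advertises strict key exchange (kex-strict-s-v00@openssh.com) as carrying the protocol-level fix for CVE-2023-48795, a detail the advisory itself does not mention.

```python
"""Audit an SSH server's advertised algorithms for the CVE-2023-48795 (Terrapin)
preconditions named in the workaround. Added example, not vendor code."""
import socket
import struct
import sys

SSH_MSG_KEXINIT = 20
# Name-lists in the order RFC 4253 section 7.1 places them after the 16-byte cookie
NAME_LISTS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def parse_kexinit(payload: bytes) -> dict:
    """Decode an SSH_MSG_KEXINIT payload into its ten name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos = 1 + 16  # message id + random cookie
    lists = {}
    for name in NAME_LISTS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (length,) = struct.unpack(">I", payload[pos:pos + 4])
        pos += 4
        raw = payload[pos:pos + length]
        if len(raw) != length:
            raise ValueError("truncated name-list")
        pos += length
        lists[name] = [a for a in raw.decode("ascii").split(",") if a]
    return lists


def assess_terrapin(lists: dict) -> dict:
    """Flag the offer per the workaround; strict kex counts as the protocol-level fix."""
    ciphers = set(lists["encryption_algorithms_client_to_server"]) | set(
        lists["encryption_algorithms_server_to_client"])
    macs = set(lists["mac_algorithms_client_to_server"]) | set(
        lists["mac_algorithms_server_to_client"])
    chacha = sorted(c for c in ciphers if c.startswith("chacha20-poly1305"))
    etm = sorted(m for m in macs if m.endswith("-etm@openssh.com"))
    strict_kex = "kex-strict-s-v00@openssh.com" in lists["kex_algorithms"]
    return {"chacha20_poly1305": chacha, "etm_macs": etm, "strict_kex": strict_kex,
            "vulnerable": bool(chacha or etm) and not strict_kex}


def build_kexinit(lists: dict) -> bytes:
    """Assemble a KEXINIT payload from name-lists (used for the constructed samples)."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
    for name in NAME_LISTS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw
    return out + b"\x00" + b"\x00\x00\x00\x00"  # first_kex_packet_follows, reserved


def fetch_server_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the server's KEXINIT from a live connection; no key exchange is completed."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"SSH-2.0-kexinit-audit\r\n")
        f = sock.makefile("rb")
        while True:  # skip any banner lines sent before the version string
            line = f.readline()
            if not line:
                raise ConnectionError("no SSH version string received")
            if line.startswith(b"SSH-"):
                break
        packet_len, pad_len = struct.unpack(">IB", f.read(5))  # unencrypted, no MAC yet
        return f.read(packet_len - pad_len - 1)


# Constructed sample offers: one matching the weak configuration, one hardened per the workaround
WEAK_OFFER = {
    "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "server_host_key_algorithms": ["rsa-sha2-512"],
    "encryption_algorithms_client_to_server": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
    "encryption_algorithms_server_to_client": ["chacha20-poly1305@openssh.com", "aes256-ctr"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
}
HARDENED_OFFER = {
    **WEAK_OFFER,
    "encryption_algorithms_client_to_server": ["aes256-gcm@openssh.com", "aes256-ctr"],
    "encryption_algorithms_server_to_client": ["aes256-gcm@openssh.com", "aes256-ctr"],
    "mac_algorithms_client_to_server": ["hmac-sha2-256"],
    "mac_algorithms_server_to_client": ["hmac-sha2-256"],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python audit.py <host> [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
        payload = fetch_server_kexinit(sys.argv[1], port)
    else:
        payload = build_kexinit(WEAK_OFFER)
    print(assess_terrapin(parse_kexinit(payload)))
```

Run without arguments to see the constructed weak offer flagged; run with the appliance's management address to audit the live SSH profile before and after applying the workaround. The probe stops after reading the first server packet, so it never completes a key exchange or authentication.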
Long-term hardening
HARDENING: Implement network segmentation to isolate industrial control system networks from business networks and the internet
HARDENING: Deploy firewalls to restrict network access to RUGGEDCOM APE1808 management interfaces from trusted networks only
HARDENING: Implement monitoring and intrusion detection on industrial network segments to detect suspicious command execution or traffic anomalies