Siemens RUGGEDCOM APE1808

Act Now
CVSS 9.8
ICS-CERT ICSA-24-102-04
Mar 8, 2022
Siemens | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

RUGGEDCOM APE1808 contains multiple critical vulnerabilities in the embedded Palo Alto Networks Virtual NGFW, including memory buffer overflows (CWE-787), integer overflows (CWE-190), improper input validation (CWE-20), and weak SSH cipher configuration (CVE-2023-48795). These flaws allow unauthenticated remote attackers to execute arbitrary code, bypass authentication, escalate privileges, or inject malicious content. The vulnerabilities span 19 different weakness classes including use-after-free (CWE-416), weak access controls (CWE-269, CWE-282), insufficient encryption (CWE-326, CWE-312), and missing null pointer checks (CWE-476). All versions of RUGGEDCOM APE1808 are affected.

What this means
What could happen
An attacker with network access to a RUGGEDCOM APE1808 can execute remote code, bypass authentication, or gain unauthorized access to the firewall appliance without credentials, potentially allowing them to intercept or manipulate industrial network traffic and alter or disable critical plant operations.
Who's at risk
Water authorities and electric utilities operating Siemens RUGGEDCOM APE1808 appliances (industrial-grade firewalls and edge protection devices) for perimeter security, remote plant access, or network segmentation, and any facility relying on these devices for network traffic filtering and access control to PLCs, SCADA systems, or field devices.
How it could be exploited
An attacker on the network can send specially crafted packets to the APE1808's management interface (typically port 443 for web/API or port 22 for SSH) or exploit vulnerabilities in the embedded Palo Alto Networks Virtual NGFW. For CVE-2023-48795, weak SSH cipher configurations allow connection interception. For other CVEs (CWE-787, CWE-20, CWE-269), memory corruption or privilege escalation flaws could be triggered to gain shell access and run arbitrary commands on the appliance.
Prerequisites
  • Network reachability to the RUGGEDCOM APE1808 management interface or data plane ports
  • For CVE-2023-48795: SSH access enabled with weak cipher/MAC configurations
  • No special credentials required for most vulnerabilities (CWE-20, CWE-269, CWE-787 indicate unauthenticated flaws)
  • Remotely exploitable without authentication
  • Low complexity exploitation
  • High EPSS score (88.5%)
  • No patch available for CVE-2023-48795
  • Multiple critical memory corruption and privilege escalation flaws (CWE-787, CWE-190, CWE-416)
  • Affects network security infrastructure protecting safety systems
Exploitability
Likely to be exploited — EPSS score 88.4%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (11)
10 with fix, 1 pending
Product                  Affected Versions           Fix Status
RUGGEDCOM APE1808        All versions                No fix yet
RUGGEDCOM ROX MX5000     ≥ V2.10.0 and < V2.15.0     2.15.0
RUGGEDCOM ROX RX1400     ≥ V2.10.0 and < V2.15.0     2.15.0
RUGGEDCOM ROX RX1500     ≥ V2.10.0 and < V2.15.0     2.15.0
RUGGEDCOM ROX RX1501     ≥ V2.10.0 and < V2.15.0     2.15.0
RUGGEDCOM ROX RX1510     ≥ V2.10.0 and < V2.15.0     2.15.0
RUGGEDCOM ROX RX1511     ≥ V2.10.0 and < V2.15.0     2.15.0
RUGGEDCOM ROX RX1512     ≥ V2.10.0 and < V2.15.0     2.15.0
Remediation & Mitigation
Do now
HOTFIX: Contact Siemens customer support to receive patch and update information for CVE-2023-6789, CVE-2023-6793, CVE-2023-38802, and CVE-2024-0008
WORKAROUND: For CVE-2023-48795, configure the in-use SSH profile to require at least one cipher and one MAC algorithm, removing support for CHACHA20-POLY1305 and all Encrypt-then-MAC (EtM) algorithms
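The workaround is a configuration change on the appliance, and a defender will want to verify the result from the outside rather than trust the profile screen. The script below is an added example for this page; it is not part of the advisory and is not Siemens or Palo Alto Networks code. It parses an SSH_MSG_KEXINIT payload (the algorithm lists every SSH server sends at the start of a connection, RFC 4253 section 7.1) and reports whether CHACHA20-POLY1305 or any EtM MAC is still offered, whether the server advertises the OpenSSH strict-kex countermeasure (kex-strict-s-v00@openssh.com, which the advisory does not mention but which is the protocol-level fix for CVE-2023-48795), and whether dropping the weak algorithms leaves at least one cipher and one MAC as the workaround requires. The three KEXINIT payloads are constructed inside the script so it runs offline; in use you would feed parse_kexinit() the payload captured from a real handshake.

```python
import struct

# Names from the OpenSSH algorithm registry. The advisory's workaround drops
# CHACHA20-POLY1305 and every Encrypt-then-MAC (EtM) MAC from the SSH profile;
# the strict-kex extension is the protocol-level countermeasure (not on the page).
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253 section 7.1)
NAME_LISTS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]


def _read_name_list(buf, off):
    """Read one RFC 4251 name-list: uint32 length, then comma-separated names."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n].decode("ascii")
    return (raw.split(",") if raw else []), off + n


def parse_kexinit(payload):
    """Parse an SSH_MSG_KEXINIT payload into its name-lists."""
    if not payload or payload[0] != 20:          # 20 == SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off = 1 + 16                                  # message id + 16-byte random cookie
    fields = {}
    for name in NAME_LISTS:
        fields[name], off = _read_name_list(payload, off)
    fields["first_kex_packet_follows"] = bool(payload[off])
    return fields


def assess_terrapin(fields):
    """Report whether the server still offers the algorithms the workaround
    removes, and whether removing them would leave a usable SSH profile."""
    ciphers = set(fields["enc_c2s"]) | set(fields["enc_s2c"])
    macs = set(fields["mac_c2s"]) | set(fields["mac_s2c"])
    etm_macs = sorted(m for m in macs if m.endswith(ETM_SUFFIX))
    strict = STRICT_KEX_SERVER in fields["kex"]
    remaining_ciphers = sorted(ciphers - {CHACHA})
    remaining_macs = sorted(macs - set(etm_macs))
    return {
        "offers_chacha20_poly1305": CHACHA in ciphers,
        "offers_etm_macs": etm_macs,
        "strict_kex": strict,
        # Exposed only if a weak algorithm is offered and strict kex is absent
        "exposed": (CHACHA in ciphers or bool(etm_macs)) and not strict,
        # The workaround requires at least one cipher and one MAC to survive
        "workaround_viable": bool(remaining_ciphers) and bool(remaining_macs),
        "remaining_ciphers": remaining_ciphers,
        "remaining_macs": remaining_macs,
    }


def build_kexinit(kex, hostkey, enc, mac, comp=("none",), lang=()):
    """Construct a KEXINIT payload (same lists in both directions, zeroed
    cookie). Used here only to build offline sample input."""
    lists = [kex, hostkey, enc, enc, mac, mac, comp, comp, lang, lang]
    body = b""
    for names in lists:
        s = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(s)) + s
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)


# Constructed samples; none of these is a capture from a real appliance.
WEAK_KEXINIT = build_kexinit(
    kex=["curve25519-sha256", "ecdh-sha2-nistp256"],
    hostkey=["ssh-ed25519"],
    enc=[CHACHA, "aes128-ctr"],
    mac=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
)
ONLY_WEAK_KEXINIT = build_kexinit(       # nothing would be left after the workaround
    kex=["curve25519-sha256"], hostkey=["ssh-ed25519"],
    enc=[CHACHA], mac=["hmac-sha2-256-etm@openssh.com"],
)
HARDENED_KEXINIT = build_kexinit(
    kex=["curve25519-sha256", STRICT_KEX_SERVER],
    hostkey=["ssh-ed25519"],
    enc=["aes128-ctr", "aes256-ctr"],
    mac=["hmac-sha2-256", "hmac-sha2-512"],
)

if __name__ == "__main__":
    for label, payload in [("weak", WEAK_KEXINIT), ("only-weak", ONLY_WEAK_KEXINIT),
                           ("hardened", HARDENED_KEXINIT)]:
        print(label, assess_terrapin(parse_kexinit(payload)))
```

The "only-weak" sample is the case worth watching for on an older profile: it is exposed, yet removing the weak algorithms would leave no cipher or MAC at all, so the profile needs a replacement algorithm added before the weak ones are removed, or the workaround locks administrators out of SSH.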
Long-term hardening
RUGGEDCOM APE1808
HARDENING: Deploy firewalls to restrict network access to RUGGEDCOM APE1808 management interfaces from trusted networks only
All products
HARDENING: Implement network segmentation to isolate industrial control system networks from business networks and the internet
HARDENING: Implement monitoring and intrusion detection on industrial network segments to detect suspicious command execution or traffic anomalies