OTPulse

Siemens RUGGEDCOM APE1808

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-24-137-11 | May 14, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Nozomi Guardian/CMC versions before 23.4.1 contain a denial-of-service vulnerability caused by improper input validation (CWE-20). The vulnerability allows an unauthenticated network attacker to crash or hang the monitoring service, causing the APE1808 appliance to become unavailable. Siemens has released version 23.4.1 and recommends immediate upgrade. Additionally, organizations should restrict API key access to specific IP addresses and use dedicated user accounts for OpenAPI operations.

What this means
What could happen
A denial-of-service vulnerability in Nozomi Guardian/CMC before version 23.4.1 could allow an unauthenticated attacker on the network to disrupt the APE1808 appliance, potentially causing loss of network visibility or control system availability.
Who's at risk
Manufacturing facilities using Siemens RUGGEDCOM APE1808 industrial appliances with Nozomi Guardian/CMC for network monitoring and control system management. This includes both the standard APE1808LNX and APE1808LNX CC (carrier-class) models used for industrial network visibility and security.
How it could be exploited
An attacker with network access to the APE1808 device sends a specially crafted request to an affected Nozomi Guardian/CMC service. The device does not properly validate the input, resulting in a crash or hang of the monitoring/control module. The appliance becomes unavailable until manually restarted.
Prerequisites
  • Network access to the APE1808 device on the network segment where it operates
  • No authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity
  • Affects industrial network visibility and availability
  • Impacts both standard and critical infrastructure variants
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808LNX | with Nozomi Guardian / CMC < 23.4.1 | Nozomi Guardian/CMC v23.4.1
RUGGEDCOM APE1808LNX CC | with Nozomi Guardian / CMC < 23.4.1 | Nozomi Guardian/CMC v23.4.1
Remediation & Mitigation
Do now
HARDENING: Create specific unprivileged user accounts for OpenAPI access instead of using default or shared credentials
WORKAROUND: Restrict API keys to specific allowed IP addresses only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Nozomi Guardian/CMC to version 23.4.1 or later
HARDENING: Regenerate existing API keys and review API key sign-in audit logs for unauthorized access
Long-term hardening
HARDENING: Place the APE1808 on a separate network segment protected by a firewall; do not expose to the internet or business networks
HARDENING: If remote management is required, use a VPN with current security patches and secure credentials
Siemens RUGGEDCOM APE1808 | CVSS 7.5 - OTPulse