Siemens RUGGEDCOM APE 1808

Monitor7.5ICS-CERT ICSA-24-193-02Jul 9, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

Siemens RUGGEDCOM APE1808 contains vulnerabilities related to FortiGate NGFW security issues, including buffer overflow (CWE-121), session fixation (CWE-384), authentication bypass (CWE-306), unsafe input handling (CWE-79), and information disclosure (CWE-532). The vulnerabilities are inherited from FortiOS and affect all versions of the RUGGEDCOM APE1808. Siemens recommends updating to the latest FortiGate NGFW version and implementing upstream Fortinet workarounds.

What this means

What could happen

An attacker with network access to the RUGGEDCOM APE1808 could execute code remotely, potentially modifying network device settings, intercepting traffic, or disrupting connectivity for critical manufacturing control systems. The device may also leak sensitive configuration or credential information.

Who's at risk

Manufacturing facilities using Siemens RUGGEDCOM APE1808 as a hardened edge firewall or network appliance should be concerned. This includes plants relying on the APE1808 for segmentation between IT networks and industrial control system networks, as well as sites using it for remote access to manufacturing equipment.

How it could be exploited

An attacker on the network can send specially crafted requests to the RUGGEDCOM APE1808's web interface or network services to trigger buffer overflows, bypass authentication, or exploit input validation flaws. User interaction (like clicking a malicious link) may be required for some attack vectors. Successful exploitation could allow remote code execution on the firewall appliance.

Prerequisites

Network access to RUGGEDCOM APE1808 (port 80, 443, or other FortiGate service ports)
For some vectors: user interaction (e.g., clicking a link or opening a crafted file)
Device must be running a vulnerable version of FortiGate NGFW firmware

remotely exploitableaffects network security appliance (critical for ICS isolation)multiple CWEs including buffer overflow and authentication bypasslow EPSS score but high CVSS indicates potential for significant impactno patch currently available from Siemens

Exploitability

Moderate exploit probability (EPSS 4.9%)

Affected products (1)

ProductAffected VersionsFix Status

RUGGEDCOM APE1808All versionsNo fix yet

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDImplement Fortinet upstream security workarounds referenced in Fortinet security advisories until patched firmware is available

WORKAROUNDRestrict network access to RUGGEDCOM APE1808 management interfaces (web, SSH) to authorized administrative systems only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact Siemens customer support to obtain and schedule deployment of patched FortiGate NGFW firmware for RUGGEDCOM APE1808

Long-term hardening

0/2

HARDENINGIsolate RUGGEDCOM APE1808 behind an additional firewall layer; do not expose to the internet

HARDENINGImplement network segmentation to ensure the APE1808 separates business IT networks from manufacturing control networks with no direct cross-communication

CVEs (14)

CVE-2023-46720 CVE-2023-50176 CVE-2024-21754 CVE-2024-23111 CVE-2024-26006 CVE-2024-26008 CVE-2024-26010 CVE-2024-26011 CVE-2024-26015 CVE-2024-33510 CVE-2024-36505 CVE-2024-47570 CVE-2024-50568 CVE-2025-47295

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5e477399-4825-4408-aa71-16d63e0db110