Siemens RUGGEDCOM APE1808
Act Now · 9.8 · ICS-CERT ICSA-25-044-06 · Feb 11, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens RUGGEDCOM APE1808 contains multiple critical code injection, buffer overflow, and memory safety vulnerabilities (CWE-787, CWE-122, CWE-125, CWE-190, CWE-134, and others). These flaws allow unauthenticated remote attackers to execute arbitrary code on the device over the network with minimal complexity. The vulnerabilities are actively being exploited. Siemens recommends updating to the latest version available through customer support.
What this means
What could happen
An attacker with network access to the RUGGEDCOM APE1808 can execute arbitrary commands without authentication, potentially allowing them to alter process controls, disrupt communications, or disable safety functions in manufacturing and critical infrastructure networks.
Who's at risk
Manufacturing facilities and critical infrastructure operators using Siemens RUGGEDCOM APE1808 industrial switches and communication devices should prioritize this vulnerability. The device is commonly deployed in water utilities, electric utilities, oil and gas, and discrete manufacturing environments where network automation and remote monitoring are critical.
How it could be exploited
An attacker who can reach the RUGGEDCOM APE1808 over the network (through an exposed port or any other network path) sends a malicious request that exploits one of the multiple code injection and buffer overflow flaws (CWE-787, CWE-122, CWE-125, CWE-190, CWE-134) to execute arbitrary code with no authentication required. This allows direct manipulation of device behavior and operational settings.
Prerequisites
- Network reachability to RUGGEDCOM APE1808 (no specific port restriction mentioned)
- No authentication required
remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · EPSS 94.0% · affects industrial networks and critical infrastructure · multiple code injection and buffer overflow flaws
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | No fix yet
Remediation & Mitigation
Do now
HOTFIX: Contact Siemens customer support immediately to obtain and deploy the latest patch for RUGGEDCOM APE1808
WORKAROUND: Restrict network access to RUGGEDCOM APE1808 using firewalls; ensure the device is not reachable from the internet or untrusted networks
HARDENING: If remote access is required, enforce VPN-only connections to the device and keep VPN software current
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Isolate manufacturing and critical infrastructure networks running RUGGEDCOM APE1808 from business networks with air-gapping or strict firewall policies
CVEs (30)
CVE-2022-42475, CVE-2023-27997, CVE-2024-3596, CVE-2024-21762, CVE-2024-26013, CVE-2024-35279, CVE-2024-36504, CVE-2024-40591, CVE-2024-45324, CVE-2024-46665, CVE-2024-46666, CVE-2024-46668, CVE-2024-46669, CVE-2024-46670, CVE-2024-47569, CVE-2024-48884, CVE-2024-48885, CVE-2024-48886, CVE-2024-50563, CVE-2024-50565, CVE-2024-50571, CVE-2024-52965, CVE-2024-54021, CVE-2025-22251, CVE-2025-22252, CVE-2025-22254, CVE-2025-22258, CVE-2025-25252, CVE-2025-58325, CVE-2025-68686