Siemens RUGGEDCOM APE1808 Devices
Act Now | 9.8 | ICS-CERT ICSA-25-135-01 | May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens RUGGEDCOM APE1808 industrial ethernet devices contain multiple vulnerabilities in their authentication and security mechanisms, derived from Fortinet FortiOS upstream issues. These affect all versions of the APE1808. The vulnerabilities allow remote attackers to bypass authentication, inject commands, modify VPN/IPsec configurations, and gain unauthorized access without credentials. Siemens is preparing patches and recommends immediate implementation of VPN configuration workarounds and network access controls while awaiting vendor patches.
What this means
What could happen
An attacker with network access to the RUGGEDCOM APE1808 could execute commands remotely without authentication, potentially altering network security settings, disrupting industrial communications, or gaining control over connected control systems in manufacturing plants.
Who's at risk
Manufacturing plants using Siemens RUGGEDCOM APE1808 industrial ethernet switches or routers for process control network connectivity should prioritize remediation. Any facility relying on this device for VPN-secured communication between remote sites, control systems, or engineering workstations is at risk.
How it could be exploited
An attacker sends a crafted network request to the device's management interface (default ports 22/SSH, 23/Telnet, 80/HTTP, or 443/HTTPS). The device fails to properly validate credentials or authentication methods, allowing the attacker to inject commands or modify VPN/IPsec configuration. This leads to remote code execution or configuration changes that bypass security controls protecting your industrial network.
Prerequisites
- Network connectivity to the RUGGEDCOM APE1808 management ports (SSH, Telnet, HTTP, HTTPS)
- The device is exposed to untrusted networks or reachable from the internet
- No network access controls (firewall rules) restricting connections to the device
remotely exploitable, no authentication required, low complexity, actively exploited (KEV), no patch available, affects industrial communications, critical CVSS (9.8)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement firewall rules to restrict network access to RUGGEDCOM APE1808 management ports (22, 23, 80, 443) from authorized engineering networks only
- WORKAROUND: For CVE-2024-52963, configure the VPN IPsec phase1-interface to use pre-shared key (psk) authentication instead of digital-signature-auth, or disable digital-signature-auth
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Contact Siemens customer support to receive patch and update information for RUGGEDCOM APE1808
Mitigations - no patch available
RUGGEDCOM APE1808 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Segment the device into a protected industrial network with restricted access from IT systems and external networks
- HARDENING: Deploy network monitoring to detect unauthorized access attempts to the device's management interface
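An added example, not part of the advisory or of any Siemens tooling: one way to check firewall or flow logs for connections to the APE1808 management ports (22, 23, 80, 443) from outside the authorized engineering networks, which serves both the firewall-rule item and the monitoring item above. The device address, the engineering subnet and the log line format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed values, not from the advisory: replace with your own addressing.
DEVICE_IP = ipaddress.ip_address("192.0.2.10")
ENGINEERING_NETS = [ipaddress.ip_network("10.20.30.0/24")]
# Management ports named in the advisory.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}

# Constructed sample records in an assumed format: time src dst dst_port action
SAMPLE_LOG = """\
2025-05-14T08:01:12Z 10.20.30.15 192.0.2.10 443 ALLOW
2025-05-14T08:03:40Z 10.99.4.7 192.0.2.10 22 ALLOW
2025-05-14T08:03:41Z 203.0.113.50 192.0.2.10 23 DENY
2025-05-14T08:05:02Z 10.99.4.7 192.0.2.10 502 ALLOW
2025-05-14T08:06:19Z 10.99.4.7 192.0.2.77 22 ALLOW
truncated record with bad fields
2025-05-14T08:07:00Z 203.0.113.50 192.0.2.10 80 ALLOW
"""

def find_unauthorized(log_text):
    """Return management-port connections to the device from outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # not a flow record in the assumed format
        ts, src, dst, port, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # malformed address or port
        if dst_ip != DEVICE_IP or port not in MGMT_PORTS:
            continue  # other hosts and non-management ports are out of scope here
        if any(src_ip in net for net in ENGINEERING_NETS):
            continue  # authorized engineering source
        # ALLOW from an unauthorized source means the firewall rule is missing
        # or too broad; DENY means the rule worked but someone is probing.
        severity = "policy-gap" if action.upper() == "ALLOW" else "blocked-attempt"
        findings.append({"time": ts, "src": src, "service": MGMT_PORTS[port], "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_unauthorized(SAMPLE_LOG):
        print(finding)
```

A "policy-gap" finding points at a firewall rule to tighten, while repeated "blocked-attempt" findings from one source are worth alerting on.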
CVEs (21)