Siemens RUGGEDCOM APE1808 Devices

Act Now | CVSS 9.8 | ICS-CERT ICSA-25-135-01 | May 13, 2025
Siemens | Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple critical vulnerabilities exist in RUGGEDCOM APE1808 devices affecting authentication, cryptographic operations, and memory safety. These include CWE-522 (plaintext storage of credentials), CWE-295 (improper certificate validation), CWE-787 (out-of-bounds write), and CWE-358 (improper restriction of rendered UI layers). Vulnerabilities allow unauthenticated attackers to execute arbitrary code, bypass authentication mechanisms, access sensitive data, or perform privilege escalation. Siemens states it is preparing fix versions and recommends applying workarounds including configuring IPSec authentication to use PSK or disabling digital-signature-auth, and implementing network access controls. The advisory references upstream Fortinet FG-IR-24-373 for additional technical details.

What this means
What could happen
Multiple critical vulnerabilities in RUGGEDCOM APE1808 devices allow unauthenticated remote attackers to execute arbitrary code, bypass authentication, or access sensitive information. An attacker could gain control of the device and disrupt network connectivity, SCADA communications, or industrial process automation.
Who's at risk
This affects operators of Siemens RUGGEDCOM APE1808 industrial Ethernet switches and routers used in manufacturing, power generation, and critical infrastructure networks for SCADA communications and network backbone connectivity.
How it could be exploited
An attacker on the network can send crafted requests to the RUGGEDCOM APE1808 without authentication to trigger buffer overflows, authentication bypass, or cryptographic weaknesses. Once exploited, the attacker gains command execution on the device and can modify routing, VPN settings, or firewall rules to compromise the industrial network.
Prerequisites
  • Network access to the RUGGEDCOM APE1808 (TCP/IP connectivity)
  • Device must be exposed to an attacker's network segment
remotely exploitable | no authentication required | low complexity | actively exploited (KEV) | no patch available | affects industrial network infrastructure
Exploitability
Actively exploited — confirmed by CISA KEV
Public Proof-of-Concept (PoC) on GitHub (3 repositories)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HOTFIX: Contact Siemens customer support immediately to receive patch and update information for your RUGGEDCOM APE1808 firmware version
  • WORKAROUND: For CVE-2024-52963, configure IPSec phase1-interface to use pre-shared key (PSK) authentication or disable digital-signature-auth in the VPN configuration
  • HARDENING: Restrict network access to RUGGEDCOM APE1808 devices using firewall rules; allow only trusted management and SCADA traffic from known IP ranges
  • HARDENING: Change all default credentials on RUGGEDCOM APE1808 devices to strong, unique passwords
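One way to check an exported VPN configuration against the CVE-2024-52963 workaround above, as an added example that is not part of the advisory or any Siemens or Fortinet code. It assumes the export uses FortiOS-style `config`/`edit`/`set`/`next`/`end` syntax with `authmethod` and `digital-signature-auth` under `phase1-interface`; the sample config and tunnel names are constructed, and unset values are flagged for review rather than assumed to be safe defaults.

```python
import re

# Constructed sample; FortiOS-style syntax is an assumption, tunnel names are made up.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "site-a"
        set authmethod psk
    next
    edit "site-b"
        set authmethod signature
        set digital-signature-auth enable
    next
    edit "site-c"
        set authmethod signature
        set digital-signature-auth disable
    next
    edit "site-d"
        set interface "wan2"
    next
end
"""

def audit_phase1(config_text):
    """Map each phase1-interface tunnel to a verdict on the PSK / digital-signature-auth workaround."""
    results, in_section, tunnel, settings, depth = {}, False, None, {}, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth:  # inside a nested config block of a tunnel: skip until its matching end
            depth += line.startswith("config ") - (line == "end")
        elif line == "config vpn ipsec phase1-interface":
            in_section = True
        elif not in_section:
            continue  # other sections are out of scope for this check
        elif tunnel is None and line == "end":
            in_section = False
        elif tunnel is None and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            tunnel, settings = m.group(1), {}
        elif tunnel is not None and line.startswith("config "):
            depth = 1
        elif tunnel is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            settings[m.group(1)] = m.group(2).strip('"')
        elif tunnel is not None and line == "next":
            auth, dsa = settings.get("authmethod"), settings.get("digital-signature-auth")
            results[tunnel] = ("ok: psk" if auth == "psk"
                else "ok: digital-signature-auth disabled" if dsa == "disable"
                else "workaround not applied" if dsa == "enable"
                else "review: values not explicit")
            tunnel = None
    return results
```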
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Segment RUGGEDCOM APE1808 devices onto a protected industrial network with limited connectivity to untrusted networks