Siemens RUGGEDCOM APE1808 Devices

Act Now | CVSS 9.8 | ICS-CERT ICSA-26-071-02 | Mar 10, 2026
Siemens | Energy | Manufacturing | Transportation
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in RUGGEDCOM APE1808 allow remote code execution without authentication via improper HTTP request handling and authentication bypass. The vulnerabilities are related to HTTP request parsing (CWE-444), insufficient input validation (CWE-940, CWE-134), and missing authentication checks (CWE-288). Siemens has released patches and recommends updating to the latest version.

What this means
What could happen
An attacker on the network can remotely execute arbitrary code on the RUGGEDCOM APE1808 without authentication, potentially allowing them to modify traffic routing, disrupt network connectivity, or launch attacks on connected industrial systems.
Who's at risk
Energy utilities, manufacturing plants, and transportation systems that use RUGGEDCOM APE1808 devices as industrial network appliances, routers, or edge gateways should prioritize this immediately. This affects critical infrastructure where these rugged network devices sit between control networks and corporate systems or external connections.
How it could be exploited
An attacker with network access to the device can send a specially crafted request to exploit improper HTTP request handling or authentication bypass, leading to remote code execution. The device does not require authentication for the vulnerable endpoint.
Prerequisites
  • Network access to the device on its management or operational interface
  • No credentials required
remotely exploitable | no authentication required | low complexity | actively exploited (KEV) | critical CVSS 9.8 | affects network infrastructure serving industrial systems
Exploitability
Actively exploited — confirmed by CISA KEV
Public Proof-of-Concept (PoC) on GitHub (5 repositories)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | latest version
Remediation & Mitigation
Do now
  • HOTFIX: Update RUGGEDCOM APE1808 to the latest patched version available from Siemens
  • WORKAROUND: Restrict network access to the RUGGEDCOM APE1808 management interface using firewall rules; only allow trusted engineering workstations and control systems to connect
  • HARDENING: Isolate the RUGGEDCOM APE1808 and its network segment from the business network and the internet using a firewall or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: If remote access to the device is required, implement a VPN connection and verify the VPN solution is updated to the latest version
  • HARDENING: Monitor network traffic to and from the RUGGEDCOM APE1808 for suspicious activity and report findings to CISA if malicious activity is suspected