Siemens RUGGEDCOM APE1808 Devices

Act Now9.8ICS-CERT ICSA-26-071-02Mar 12, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

RUGGEDCOM APE1808 devices contain multiple vulnerabilities in request handling and validation (CWE-444, CWE-940, CWE-134, CWE-288) that allow unauthenticated remote code execution. An attacker can exploit these flaws to run arbitrary commands on the device without credentials. Siemens has indicated a patch is available and recommends updating to the latest version. The vulnerability is actively exploited in the wild.

What this means

What could happen

An attacker can execute arbitrary code on RUGGEDCOM APE1808 devices without authentication. This could allow them to alter industrial network traffic, intercept communications between control systems and field devices, or disrupt critical operations in energy, manufacturing, and transportation facilities.

Who's at risk

Energy utilities, water authorities, manufacturing plants, and transportation systems that use Siemens RUGGEDCOM APE1808 devices for industrial networking and communications gateway functions should prioritize this vulnerability. These devices sit between control networks and field devices, making them critical to maintaining safe and reliable operations.

How it could be exploited

An attacker with network access to the RUGGEDCOM APE1808 device can send a specially crafted request to exploit the vulnerability (CWE-444, CWE-940) and gain remote code execution. No credentials are required. Once on the device, the attacker could run arbitrary commands to modify network settings, reroute traffic, or disable communication between PLCs and remote terminal units.

Prerequisites

Network access to RUGGEDCOM APE1808 device
No authentication required

remotely exploitableno authentication requiredlow complexityactively exploited (KEV)no patch availableaffects industrial network infrastructure

Exploitability

Actively exploited — confirmed by CISA KEV

Affected products (1)

ProductAffected VersionsFix Status

RUGGEDCOM APE1808All versionslatest version

Remediation & Mitigation

0/5

Do now

0/5

HOTFIXUpdate RUGGEDCOM APE1808 to the latest patched version provided by Siemens. Contact Siemens customer support for patch and update instructions.

HARDENINGIsolate RUGGEDCOM APE1808 devices from the internet using a firewall. Allow only necessary internal connections from authorized engineering workstations and control system devices.

HARDENINGSegment RUGGEDCOM APE1808 onto a separate industrial network isolated from business networks using network firewalls and air-gaps where possible.

WORKAROUNDIf remote access to RUGGEDCOM APE1808 is required, use a VPN with the latest available security patches. Verify VPN authentication and encryption settings meet your security requirements.

HARDENINGMonitor network traffic to and from RUGGEDCOM APE1808 for unusual connection attempts or suspicious commands. Report any signs of exploitation to CISA.

CVEs (4)

CVE-2026-24858 CVE-2025-55018 CVE-2025-62439 CVE-2025-64157

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/48264a92-024d-41fe-bcc2-6a56a204939d