Vulnerability in Nozomi Guardian/CMC before 23.4.1 on RUGGEDCOM APE1808 devices

Monitor7.5SSA-292022May 14, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Nozomi Networks has disclosed vulnerabilities in Nozomi Guardian/CMC before version 23.4.1. Siemens RUGGEDCOM APE1808 devices running affected versions of Guardian/CMC are vulnerable. The vulnerabilities involve improper input validation (CWE-20) and credential management (CWE-522). An unauthenticated remote attacker could cause a denial of service by triggering a crash or hang of the Guardian/CMC service. Siemens has released version 23.4.1 which corrects the issue. Customers should update to the latest version and contact Siemens support for patch delivery.

What this means

What could happen

An attacker could make the RUGGEDCOM APE1808 unavailable for network monitoring and access control, disrupting visibility into critical industrial network traffic and potentially preventing legitimate management operations.

Who's at risk

Manufacturing facilities and industrial networks using Siemens RUGGEDCOM APE1808 devices for network monitoring, access control, and industrial network segmentation. This includes water authorities and electric utilities that rely on these devices for visibility and management of critical infrastructure networks.

How it could be exploited

An unauthenticated attacker on the network sends a malformed request to Nozomi Guardian/CMC running on the RUGGEDCOM APE1808. The vulnerability in input validation causes the service to crash or become unresponsive, denying monitoring and management functions.

Prerequisites

Network access to the RUGGEDCOM APE1808 device
Nozomi Guardian/CMC running on the device (version before 23.4.1)
No credentials required

remotely exploitableno authentication requiredlow complexityaffects network monitoring capability

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (2)

2 pending

ProductAffected VersionsFix Status

RUGGEDCOM APE1808LNXAll versions with Nozomi Guardian / CMC before 23.4.1No fix yet

RUGGEDCOM APE1808LNX CCAll versions with Nozomi Guardian / CMC before 23.4.1No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDMonitor RUGGEDCOM APE1808 availability and network connectivity; set alerts for service interruptions

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Nozomi Guardian/CMC to version 23.4.1 or later

HOTFIXContact Siemens/Nozomi customer support for patch delivery and update procedures

Long-term hardening

0/1

HARDENINGImplement network segmentation to restrict access to the RUGGEDCOM APE1808 management interface to authorized administrative networks only

CVEs (2)

CVE-2023-6916 CVE-2024-0218

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f55d5902-ae6c-4818-a912-d2b068a1840c