OTPulse

Multiple Vulnerabilities in Palo Alto Networks PAN-OS on RUGGEDCOM APE1808 Devices

Act Now | 10 | SSA-354569 | Nov 22, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Palo Alto Networks has disclosed critical vulnerabilities in PAN-OS that affect RUGGEDCOM APE1808 industrial gateway devices. The vulnerabilities include authentication bypass, path traversal, command injection, and unsafe data handling (CWE-306, CWE-476, CWE-22, CWE-78). They allow remote unauthenticated attackers to execute arbitrary commands on the device, resulting in complete system compromise. Siemens confirms that all versions of RUGGEDCOM APE1808 are affected. The vulnerabilities are actively exploited in the wild and have an EPSS score of 94.3%.

What this means
What could happen
An attacker can remotely execute commands on the RUGGEDCOM APE1808 device without authentication, potentially disrupting network-based industrial automation and control functions that depend on this gateway device. This could halt communications between control systems and field devices in manufacturing environments.
Who's at risk
This affects manufacturing facilities and utilities that rely on RUGGEDCOM APE1808 devices as network gateways or firewalls for industrial automation systems. Any facility using this device for control system network protection is at risk of having that protection bypassed or the device itself compromised.
How it could be exploited
An attacker on the network sends a specially crafted request to the PAN-OS management interface on port 443 (or exposed web services). The vulnerability allows code execution without a login session. From there, the attacker can run arbitrary commands on the device, potentially modifying routing, access control, or shutting down the gateway entirely.
Prerequisites
  • Network access to the RUGGEDCOM APE1808 device
  • The device must be reachable on the network (typically port 443 for management interface)
  • No valid credentials required
remotely exploitable | no authentication required | low complexity | actively exploited (KEV) | CVSS 10.0 (critical) | EPSS 94.3% | no patch available
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HOTFIX: Upgrade to Palo Alto Networks Virtual NGFW V11.1.8 or later when available from Siemens. Contact Siemens customer support for patch release schedule and availability.
WORKAROUND: Until a patch is available, implement network segmentation to restrict access to the RUGGEDCOM APE1808 management interface. Only allow trusted administrator workstations to reach the device on port 443.
HARDENING: Monitor network traffic to and from the RUGGEDCOM APE1808 for suspicious activity, such as unexpected command execution or outbound connections.
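
One way to check the workaround and the monitoring step above against exported flow logs, as an added example that is not part of the original advisory or any Siemens or Palo Alto tooling. The gateway address, admin subnet, expected outbound destinations, and the log format are all assumptions constructed for illustration; each record is assumed to describe one connection with the initiator as the source.

```python
import ipaddress

# All addresses are constructed (RFC 1918 / RFC 5737) for illustration.
GATEWAY = ipaddress.ip_address("10.20.0.5")            # assumed APE1808 management IP
MGMT_PORT = 443
ADMIN_NETS = [ipaddress.ip_network("10.20.99.0/28")]   # assumed admin workstation subnet
ALLOWED_OUTBOUND = {                                   # assumed expected device destinations
    (ipaddress.ip_address("10.20.1.10"), 514),         # syslog collector
    (ipaddress.ip_address("10.20.1.11"), 123),         # NTP server
}

# Constructed flow records: "timestamp src_ip src_port dst_ip dst_port action"
# Assumption: one record per connection, src is the initiator.
SAMPLE_FLOWS = """\
2024-11-22T08:01:12Z 10.20.99.4 51544 10.20.0.5 443 ALLOW
2024-11-22T08:03:40Z 10.20.7.31 40222 10.20.0.5 443 ALLOW
2024-11-22T08:03:55Z 10.20.0.5 38110 10.20.1.10 514 ALLOW
2024-11-22T08:04:02Z 10.20.0.5 45012 203.0.113.77 8443 ALLOW
2024-11-22T08:05:19Z 198.51.100.9 60001 10.20.0.5 443 DENY
malformed line
"""

def audit_flows(text):
    """Return (timestamp, reason, src, dst, dport) findings for the gateway."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, _sport, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if dst_ip == GATEWAY and dport == MGMT_PORT:
            if not any(src_ip in net for net in ADMIN_NETS):
                # ALLOW means a segmentation gap; DENY means the rule held
                reason = ("mgmt-reachable-from-untrusted" if action == "ALLOW"
                          else "mgmt-probe-blocked")
                findings.append((ts, reason, src, dst, dport))
        elif src_ip == GATEWAY and (dst_ip, dport) not in ALLOWED_OUTBOUND:
            # The device initiated a connection outside its expected set
            findings.append((ts, "unexpected-outbound", src, dst, dport))
    return findings

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```

A `mgmt-reachable-from-untrusted` finding means the segmentation rule is not in effect for that source, which is the condition the workaround is meant to eliminate.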