OTPulse

Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.4-h1

Act Now | CVSS 9.1 | SSA-364175 | Jul 9, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in Palo Alto Networks Virtual NGFW affect RUGGEDCOM APE1808 devices. These include improper access control (CWE-222), insufficient input validation (CWE-20, CWE-787), cross-site scripting (CWE-79), and resource exhaustion (CWE-400). An authenticated high-privilege attacker could achieve remote code execution, security bypass, or denial of service. Siemens is preparing firmware updates and recommends consulting Palo Alto Networks' upstream security notifications for interim countermeasures.

What this means
What could happen
An attacker with administrative credentials could exploit multiple vulnerabilities in the Palo Alto Networks Virtual NGFW running on RUGGEDCOM APE1808 devices to execute arbitrary code, bypass security controls, or cause denial of service, potentially disrupting network traffic filtering and industrial control system communications.
Who's at risk
Manufacturing facilities and utilities using Siemens RUGGEDCOM APE1808 devices as industrial edge firewalls or network security appliances. This includes water authorities and electric utilities relying on these devices to protect communications between control systems, remote terminal units (RTUs), and PLCs from external networks.
How it could be exploited
An attacker with high-level administrative access to the Virtual NGFW on the APE1808 could exploit multiple vulnerabilities (including improper input validation, buffer overflow, and cross-site scripting) to execute commands with system privileges, modify firewall rules, or crash the appliance. The attack requires prior authentication but affects system integrity and availability across the network segment.
Prerequisites
  • Valid high-level administrative credentials or prior compromise of an administrative account
  • Network access to the Palo Alto Virtual NGFW management interface on the RUGGEDCOM APE1808
  • Remotely exploitable (network access required)
  • High CVSS score (9.1)
  • High EPSS score (65.4%)
  • Requires administrative credentials
  • No patch currently available
  • Affects critical network security functions
Exploitability
High exploit probability (EPSS 65.4%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | 11.1.4-h1
Remediation & Mitigation
Do now
HARDENING: Restrict administrative access to the Virtual NGFW management interface to authorized personnel only and use strong authentication (e.g., multi-factor authentication if supported)
HARDENING: Monitor Palo Alto Networks security notifications and Siemens SSAs for additional mitigations or workarounds while patches are being prepared
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Palo Alto Networks Virtual NGFW to version 11.1.4-h1 or later on all RUGGEDCOM APE1808 devices
HOTFIX: Contact Siemens customer support and Palo Alto Networks for patch delivery and deployment guidance
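
To check an asset inventory against the "11.1.4-h1 or later" requirement above, the following added example (not part of the advisory or of any Siemens or Palo Alto Networks tooling) triages reported Virtual NGFW versions. It assumes version strings of the form X.Y.Z or X.Y.Z-hN compared as a simple ordering, with a release that has no hotfix suffix sorting before its own hotfixes; the device names and versions are constructed.

```python
import re

# Fixed release named in the advisory's remediation section.
FIXED_VERSION = "11.1.4-h1"

# Assumed format: optional leading "V", then X.Y.Z with optional "-hN" hotfix.
_VERSION_RE = re.compile(r"^[vV]?(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, maintenance, hotfix); no hotfix suffix means 0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def needs_upgrade(reported, fixed=FIXED_VERSION):
    """True when the reported version is older than the fixed release."""
    return parse_version(reported) < parse_version(fixed)


def triage(inventory, fixed=FIXED_VERSION):
    """Split {device: version} into 'upgrade', 'ok' and 'unknown' lists."""
    result = {"upgrade": [], "ok": [], "unknown": []}
    for device, version in sorted(inventory.items()):
        try:
            bucket = "upgrade" if needs_upgrade(version, fixed) else "ok"
        except ValueError:
            # Do not guess: an unparseable version needs a manual check.
            bucket = "unknown"
        result[bucket].append(device)
    return result


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = {
    "ape1808-substation-a": "11.1.4",      # base release, no hotfix
    "ape1808-substation-b": "11.1.4-h1",   # exactly the fixed release
    "ape1808-plant-1": "V11.1.4-h7",       # later hotfix, "V" prefix
    "ape1808-plant-2": "11.0.10-h2",       # older release
    "ape1808-lab": "unknown",              # missing data in inventory
}

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Devices landing in the "unknown" bucket should be checked by hand rather than assumed patched.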