OTPulse

Insyde BIOS Vulnerabilities in RUGGEDCOM APE1808 Product Family

Plan Patch | CVSS 7 | SSA-450613 | Feb 14, 2023
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

Insyde BIOS vulnerabilities (CWE-367) affect the Siemens RUGGEDCOM APE1808 product family in all BIOS versions prior to V1.0.212N. These vulnerabilities allow attackers with local access and user-level privileges to modify the BIOS firmware and execute arbitrary code during system boot, potentially compromising device integrity and behavior. The vulnerabilities impact all APE1808 variants, including the ADM, CKP, ELAN, SAM-L, CLA-P, CLA-S1, CLA-S3, CLA-S5, LNX, and W10 models, as well as their CloudConnect versions.

What this means
What could happen
An attacker with local access to a RUGGEDCOM APE1808 device could modify the BIOS to execute arbitrary code during system boot, potentially compromising the integrity of process control logic or network communications for the device.
Who's at risk
Organizations running Siemens RUGGEDCOM APE1808 industrial switches in water, electric, or other critical infrastructure environments should prioritize this update. The APE1808 product family includes multiple variants (ADM, CKP, ELAN, SAM-L, CLA series, LNX, W10) used for network connectivity in control systems.
How it could be exploited
An attacker with physical access or local login to a RUGGEDCOM APE1808 device could exploit a BIOS vulnerability to write malicious code into the firmware. This code would execute before the operating system loads, giving the attacker full control over what the device does.
Prerequisites
  • Local access to the RUGGEDCOM APE1808 device (physical or via local shell)
  • User-level or higher privileges on the device
  • Current BIOS version older than V1.0.212N
  • BIOS-level vulnerability
  • Affects all variants of APE1808 product line
  • Local privileges required but can lead to complete device compromise
  • Firmware update required (may require downtime)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (22)
22 with fix
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 ADM | All BIOS versions < V1.0.212N | V1.0.212N
RUGGEDCOM APE1808 CKP | All BIOS versions < V1.0.212N | V1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT | All BIOS versions < V1.0.212N | V1.0.212N
RUGGEDCOM APE1808 CLOUDCONNECT CC | All BIOS versions < V1.0.212N | V1.0.212N
RUGGEDCOM APE1808 ELAN | All BIOS versions < V1.0.212N | V1.0.212N
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update BIOS firmware to V1.0.212N or later on all RUGGEDCOM APE1808 variants