Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 Devices Before V11.1.2-h3
Act Now | CVSS 9.8 | SSA-455250 | Apr 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Palo Alto Networks Virtual NGFW running on Siemens RUGGEDCOM APE1808 devices contains multiple critical vulnerabilities (CWE-787 buffer overflow, CWE-190 integer overflow, CWE-416 use-after-free, CWE-269 improper privilege handling, and others) that allow unauthenticated remote attackers to execute arbitrary code, gain administrative access, or cause denial of service. All versions before V11.1.2-h3 are affected. The vulnerabilities are reachable over the network without authentication and have low attack complexity.
What this means
What could happen
An attacker could remotely execute code or gain full administrative access to the RUGGEDCOM APE1808's Palo Alto Networks firewall, allowing them to intercept, modify, or block network traffic to industrial equipment and potentially disrupt communications with critical control systems.
Who's at risk
Manufacturing facilities that use Siemens RUGGEDCOM APE1808 industrial edge appliances as firewalls protecting PLCs, RTUs, and other automation equipment. These devices are commonly deployed in remote substations, manufacturing plants, and distributed control system networks to provide network perimeter security.
How it could be exploited
An unauthenticated attacker on the network can send specially crafted requests to the Virtual NGFW management interface or data plane to trigger buffer overflows, integer overflows, or privilege escalation flaws. No user interaction is required—exploitation is automatic upon network exposure.
Prerequisites
- Network access to the RUGGEDCOM APE1808 management interface or data plane ports
- The Palo Alto Networks Virtual NGFW on the device must be running a version before V11.1.2-h3
- No authentication credentials required for exploitation
- remotely exploitable
- no authentication required
- low complexity
- high EPSS score (88.5%)
- affects industrial network perimeter security
- critical CVSS (9.8)
Exploitability
High exploit probability (EPSS 88.5%)
Affected products (1)
Product | Affected Versions | Fix Status
RUGGEDCOM APE1808 | All versions | V11.1.2-h3
Remediation & Mitigation
Do now
- HOTFIX: Update RUGGEDCOM APE1808 Palo Alto Networks Virtual NGFW to version V11.1.2-h3 or later
- HOTFIX: Contact Siemens customer support to obtain the patch and update package for your devices
- WORKAROUND: Restrict network access to the RUGGEDCOM APE1808 management interface using firewall rules or network segmentation until the patch can be applied
Long-term hardening
- HARDENING: Disable unnecessary management protocols (SSH, HTTPS admin access) on the firewall if not actively used for operations
- HARDENING: Implement network segmentation to isolate the RUGGEDCOM APE1808 from untrusted networks
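To prioritise the update across a fleet, the version strings reported by each device can be compared against V11.1.2-h3. The following is an added example, not code from Siemens or Palo Alto Networks; the inventory format, host names and sample versions are constructed, and it assumes plain numeric ordering of major.minor.patch-hN strings.

```python
import re

FIXED = "V11.1.2-h3"  # fix version stated in the advisory

# Accepts "V11.1.2-h3", "11.1.2-h3" and "11.1.2" (no hotfix suffix).
_VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, hotfix), or None if the string is not recognised."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, hotfix = m.groups()
    # A release without a hotfix suffix sorts before any hotfix of the same release.
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def needs_update(version, fixed=FIXED):
    """True if version sorts before the fixed release, None if it cannot be parsed."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory):
    """Split (host, version) pairs into update / ok / review buckets."""
    result = {"update": [], "ok": [], "review": []}
    for host, version in inventory:
        verdict = needs_update(version)
        key = "review" if verdict is None else ("update" if verdict else "ok")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ape1808-sub01", "V11.1.2-h3"),
    ("ape1808-sub02", "11.1.2"),        # same release, hotfix missing
    ("ape1808-sub03", "V11.1.2-h12"),   # h12 > h3 numerically, not as text
    ("ape1808-plant1", "V11.0.4-h1"),
    ("ape1808-plant2", "V11.1.3"),
    ("ape1808-lab", "unknown"),         # unparseable: check by hand
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(bucket, hosts)
```

Hosts in the review bucket reported a version string the parser does not recognise and should be checked manually rather than assumed patched.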
CVEs (25)
CVE-2017-8923, CVE-2017-9120, CVE-2020-25658, CVE-2021-21708, CVE-2021-43527, CVE-2022-1271, CVE-2022-3515, CVE-2022-31676, CVE-2022-37454, CVE-2022-47629, CVE-2023-0286, CVE-2023-6789, CVE-2023-6793, CVE-2023-38802, CVE-2024-0008, CVE-2024-2551, CVE-2024-3383, CVE-2024-3386, CVE-2024-3387, CVE-2024-3388, CVE-2024-5916, CVE-2024-5918, CVE-2024-5919, CVE-2024-8688, CVE-2025-0127